United States: New VoIP CALEA Rules

Article by Thomas K. Crowe, Esq. ¹

On August 9, 2004, the Federal Communications Commission (FCC) released a Notice of Proposed Rulemaking and Declaratory Ruling (NPRM and Ruling) which lay out the agency's proposed approach to implementing a legal framework for the Communications Assistance for Law Enforcement Act (CALEA), particularly with respect to packet-mode technologies such as VoIP.  The FCC's actions, on which it is seeking industry comment, are intended to advance legal and policy proposals with respect to CALEA with an emphasis on the applicability of CALEA to VoIP services and broadband Internet access.

Enacted in October 1994, CALEA was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that "telecommunications carriers" and manufacturers of such equipment modify and design their equipment, facilities, and services to ensure that they have the required surveillance capabilities.  Section 103 of CALEA imposes specific obligations on "telecommunications carriers" (as defined under CALEA) for assisting law enforcement, including with respect to 1) call intercept; 2) accessing call identifying information; 3) delivering intercepted communications and call identifying information to the government; and 4) doing so with a minimum of interference to subscriber service and privacy.  The FCC has acknowledged the importance of electronic surveillance in law enforcement's effort to fight terrorism and crime.  The NPRM and Ruling only address CALEA legal and compliance issues and have no impact on the FCC's separate proceeding to examine the appropriate legal and regulatory framework for VoIP services.  (See our Alert dated February 24, 2004.)

The FCC's NPRM and Ruling are the result of a Joint Petition for Expedited Rulemaking filed by the Department of Justice, Federal Bureau of Investigation and the Drug Enforcement Administration (Law Enforcement) requesting that the FCC resolve on an expedited basis certain issues pertaining to CALEA.  Among other things, Law Enforcement requested that the FCC formally identify those services that are subject to CALEA and rule that broadband telephony services such as VoIP are subject to CALEA.

In the NPRM portion of its order, the FCC tentatively concludes that providers of "managed" or "mediated" VoIP services which are offered to the general public as a means of communicating with any telephone subscriber, including parties reachable only through the PSTN, are subject to CALEA.  Examples of providers of managed VoIP services include Vonage, 8x8, Inc., and Level 3.  Such VoIP services offer voice calling capability whereby the VoIP provider acts as a mediator to manage the communication between its end-points and to provide call set up, connection, termination, and party identification features, often generating or modifying dialing, signaling, switching, addressing or routing functions for the user.  These services provide an electronic communication switching or transmission service that replaces a substantial portion of local exchange service for customers in a manner functionally the same as POTS service.  According to the FCC, exempting such "managed" or "mediated" VoIP services from CALEA compliance could undermine Law Enforcement's surveillance efforts.  The FCC seeks public comment on this analysis.

Managed VoIP communications are distinguished from "peer-to-peer" communications which involve disintermediated communications that are set up and managed by the end user via its customer premises equipment or personal computer.  In these non-managed, or disintermediated, communications, the VoIP provider has minimal or no involvement in the flow of packets during the communication, serving instead primarily as a directory that provides users' internet web addresses to facilitate peer-to-peer communications.  Peer-to-Peer communications entail activity among members of a closed user group such as the Free World Dialup offering described in the Pulver.com Declaratory Ruling (see our Legal Alert dated February 24, 2004).  The FCC tentatively concludes that non-managed VoIP services should not be subject to CALEA.  The NPRM and Ruling seek comment on this tentative conclusion.

The FCC also tentatively concludes that facilities-based providers of any type of broadband Internet access, including but not limited to wireline, cable modem, satellite, wireless, and broadband access via the powerline, whether provided on a wholesale or a retail basis, are generally subject to CALEA because they provide replacement for a substantial portion of local telephone service used for dial-up Internet access service and such treatment is in the public interest.

The tentative conclusions reached above by the FCC turn on CALEA's definition of "telecommunications carrier".  Under CALEA, "telecommunications carriers" must ensure that their equipment, facilities, and services are capable of providing surveillance capabilities to law enforcement.  CALEA's definition of a "telecommunications carrier" is unique and more inclusive than that contained under the Communications Act of 1934 (Communications Act).  According to the NPRM and Ruling, for purposes of CALEA, a "telecommunications carrier" is a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire but also includes entities that provide "a replacement for a substantial portion of the local telephone exchange service".  This interpretation, therefore, gives rise to the possibility that a VoIP provider may not be subject to regulation under the Communications Act but could be subject to regulation and compliance under CALEA.  The FCC seeks comment on this tentative assessment.

According to the FCC, the modifications and upgrades required with respect to CALEA compliance will potentially require significant capital expenditures on the part of carriers.  Further, carriers will face a future of recurring CALEA-related costs given that, as technology develops, telecommunications networks will be upgraded and modified as part of normal business operations.  These upgrades will require in-turn the implementation of new CALEA compliant technology.  Many CALEA-related costs associated with upgrading equipment and facilities deployed prior to January 1995 were paid through a $500 million appropriations fund established by Congress to implement CALEA.  It has been reported that DOJ/FBI has nearly exhausted that fund to bring pre-1995 equipment and facilities into compliance with CALEA.

While CALEA places financial responsibility on the federal government for CALEA implementation costs related to equipment deployed on or before January 1, 1995, the FCC tentatively concludes that carriers bear responsibility for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities.  The NPRM and Ruling seek comment on this tentative conclusion. 

The FCC also seeks comment on cost-recovery options vis-a-vis end user customers.  For example, should CALEA costs be recovered directly from telecommunications and other consumers by means of an FCC-mandated flat monthly charge similar to the current subscriber line charge?  Does the FCC has authority to impose such a charge?  How would such a charge be developed?  In view of the FCC trend over the past 10 years of recovering costs from end user customers through specific surcharge items, chances are high that the cost-recovery analysis will result in the implementation of a new "CALEA Surcharge" assessed to end user customers.

Since packet-mode services may face challenges in complying with the CALEA Section 103 obligations, the FCC is seeking comment on how these obligations can be satisfied.  The existing "J-Standard" (J-STD-025) which serves as the safe harbor for wireline, cellular, and PCS carriers and manufacturers, was initially addressed in the context of circuit switched networks, not packet switched networks.  As a result, Internet service providers and broadband access service providers may not be able to easily isolate call-identifying information for VoIP without examining the packet in detail or, in other words, examining the packet content.  The NPRM and Ruling seek comment on whether the FCC needs to clarify the statutory term "call identifying information" for broadband access and VoIP services.

The FCC also seeks public comment on a compliance solution designed to simplify or ease the burden on carriers and manufacturers in providing packet content and call-identifying information referred to as the "trusted third party approach".  Under this approach, a trusted third party or service bureau that has access to the carrier's network and remotely manages the intercept process for the carrier could supply this information on behalf of the carrier.  Among other things, the FCC seeks comment on the feasibility of using a trusted third party approach to extract the content and call-identifying information from packets.  The FCC also seeks comment on a variety of industry standards for packet-mode technologies which could be considered as "safe harbors" in complying with Section 103.

In its Petition, Law Enforcement requests that the FCC establish rules that specifically define the types of enforcement actions that may be taken against carriers and other entities that fail to comply with their general CALEA obligations or fail to comply with established CALEA compliance benchmarks and deadlines.  According to the FCC, "[w]e believe that it is in the public interest for covered carriers to become CALEA compliant as expeditiously as possible and recognize the importance of effective enforcement of Commission rules affecting such compliance."  Accordingly, the FCC seeks comment on whether its general enforcement procedures are sufficient for purposes of CALEA enforcement, noting that the agency can issue monetary forfeitures and cease and desist orders.  The FCC seeks comment on whether there are any other measures it should take into consideration in deciding how to best enforce CALEA requirements.

If the FCC ultimately decides -- as it appears it will -- that managed VoIP and broadband access providers are subject to CALEA, businesses that have not previously been subject to CALEA will have to comply with its requirements.  Specifically, such entities would be subject to the assistance capability requirements of Section 103, among other things.  Recognizing that entities newly subject to CALEA compliance will need a reasonable amount of time to come into compliance, the FCC seeks public comment on what would be a reasonable amount of time.  Should such businesses come into compliance with or seek relief through an appropriate petition within 90 days, or should such business have 15 months to come into compliance?

The FCC is requesting industry comment on the above tentative conclusions and proposals before issuing its final ruling.  Public comments are due 45 days from the date that the NPRM is published in the Federal Register, and replies are due 75 days from the date of publication in the Federal Register.  If you are interested in knowing when the item is published in the Register, or in submitting public comments, please do not hesitate to contact us.

The final portion of the FCC's Ruling addresses whether wireless push-to-talk "dispatch" services are subject to CALEA requirements.  According to the Ruling, Law Enforcement asserts that an increasing number of wireless carriers offer this service without admitting they have related CALEA obligations. 

The FCC concludes and rules that wireless or Commercial Mobile Radio Service providers offering push-to-talk services that are offered in conjunction with interconnect service to the PSTN are subject to CALEA requirements.  For example, if services such as "traditional" SMR provide interconnection to the PSTN, they are subject to CALEA.  On the other hand, if the push-to-talk service is limited to a private or "closed" network, and is not interconnected to the PSTN, then it remains outside the scope of CALEA.

If you have any questions with respect to the FCC's NPRM and Ruling, please feel free to contact us.

Footnote

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.