Federal law enforcement authorities have, once again, appealed to the Federal Communications Commission (FCC) to expand obligations under the Communications Assistance for Law Enforcement Act (CALEA), 47 U.S.C. § 1001 et seq. During May, FCC rules came into effect applying CALEA to some providers of broadband Internet access and VoIP—an outcome specifically sought by law enforcement. Now, law enforcement wants the FCC to demand more from providers of CDMA2000 packet data wireless services that seek to qualify for a CALEA compliance "safe harbor." On May 15, 2007, the Department of Justice, the Federal Bureau of Investigation, and the Drug Enforcement Administration (collectively, "DOJ") filed a Petition for Expedited Rulemaking (Petition) at the FCC.
CALEA Safe Harbor Standards
All persons in the U.S. must assist law enforcement if served a properly-authorized wiretap order, but CALEA requires more of certain communications service providers. Providers subject to CALEA must affirmatively build into their systems the capability to intercept a surveillance target's communications unobtrusively. They also must be ready to deliver this information to law enforcement quickly in a preferred format. CDMA providers generally are subject to CALEA to the extent they are telecommunications common carriers or providers of facilities-based broadband Internet access or interconnected VoIP service.
CALEA gives standard setting organizations in the communications industry the task of defining technical specifications for CALEA compliance. Compliance with private-sector standards is completely voluntary, but carries potential benefits. Ideally, by meeting such a standard, service providers would enter a "safe harbor" against possible liability for CALEA non-compliance. In practice, however, law enforcement has consistently found private-sector standards deficient and exercised its option under CALEA to ask the FCC to establish a tougher standard by rule.
For example, under FCC rules, providers of wireline, cellular and broadband PCS circuit-switched services may satisfy CALEA requirements by complying with the J-STD-025 standard. Law enforcement rejected the original version of this standard, developed by the Telecommunications Industry Association (TIA) and the Alliance for Telecommunications Industry Solutions (ATIS). The standard became a "safe harbor" only after the FCC largely acquiesced in law enforcement demands for additional requirements, following an appeal to the U.S. Court of Appeals for the District of Columbia Circuit. .
In its current Petition, DOJ follows an established pattern, requesting the FCC to add requirements to a standard offered by TIA and ATIS. The standard at issue is J-STD-025-B, which specifically concerns CDMA2000 packet services. Such services can include wireless Internet access service, picture mail service, one-and two-way video services and text messaging services. The standard is not intended to apply to voice services.
Pressure on CDMA Safe Harbor
In its Petition, DOJ asks the FCC to condition the J-STD-025-B "safe harbor" on CDMA providers building into their networks the capability to deliver to law enforcement:
Packet activity data related to a surveillance target's communications, including Internet Protocol (IP) addresses, port numbers, and transport layer protocol information for the source and destination of an IP packet;
The latitude and longitude of a target's mobile handset at the beginning and end of a communication, as well as other reasonably available location information;
Time stamp information precise to 200 milliseconds, allowing law enforcement to correlate a target's communications content with "communications identification information" (e.g., dialing, signaling, and packet activity data); and
All of the above information at levels of security, reliability, and quality equivalent to levels of performance in a CDMA provider's own network (i.e., comparable packet loss and bit error rates). DOJ urges the FCC to require CDMA providers to deliver surveillance data in near-real-time either to a law enforcement co-located collection device or via a secure VPN.
DOJ contends that these capabilities are much less costly and burdensome to deliver than in the past. Moreover, they allegedly already exist within CDMA providers' networks due to E-911 Phase II location requirements and providers' own performance standards. Finally, DOJ contends that the cost of compliance will have a minimal impact on residential ratepayers.
The FCC likely will follow past practice and respond to DOJ's Petition by initiating a rulemaking proceeding. Ultimately, some or all of DOJ's requests probably will become part of the J-STD-025-B standard, increasing burdens on CDMA providers seeking "safe harbor." Finally, the DOJ's Petition manifests law enforcement's objective to benefit from new features in service providers' systems, whether implemented in response to regulation—like E-911 location identification requirements—or voluntarily in order to improve network performance.