CALEA: Deadline Looming

The Communications Assistance for Law Enforcement Act (CALEA) is a wiretapping law whose intent is:

“...to make clear a telecommunications carrier’s duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.”

The deadline for carriers to be fully compliant with CALEA is May 14, 2007. I decided to reach out to Gregory Giagnocavo, President of Dash911 (http://www.dash911.com), (news - alert) to get a better handle on what the looming deadline means for our industry. The resulting interview was conducted via e-mail.

Galitzine: Briefly describe the nature of the ruling and the upcoming deadline.
Giagnocavo: In 2005, the FCC issued an Order requiring all interconnected VoIP (define - news - alert) providers to comply with the provisions of the CALEA requirements for surveillance of telephone calls. VoIP providers must be prepared to provide detailed information on call activity including not only call detail records (CDRs) for their subscribers, but information on calls that were conferenced in, and, live on-demand voice call “taps.”

There are two deadlines for CALEA compliance. February 12th, 2007 is the deadline for the Monitoring Report, which sets out what steps the VoIP provider has so far taken and what solution the VoIP provider intends to use to comply with the CALEA requirements. The second deadline is May 14th, 2007 by which time the VoIP provider MUST have its CALEA implementation in place and file a report called the System Security and Integrity report.

Galitzine: What are the proposed obligations and regulations that service providers need to be aware of?
Giagnocavo: The CALEA requirements have been in the works for more than four years, and this has involved the Department of Justice including the CIA, FBI, DEA, and now also the Department of Homeland Security. The end result is that VoIP providers are burdened with the same obligations as the large telcos in that VoIP providers have to provide subscriber info, detailed call info, and the ability for live voice call intercept, on-demand.

VoIP providers are also required to obtain an FCC “FRN” number, to designate a Responsible Party who must be trained in CALEA requirements, to make absolutely sure that nobody besides the designated Responsible Party has access to any of the lawful intercept requests (subpoenas) and that no other person finds out about the lawful intercept requests and keeps all such info secret, and, that a detailed and confidential log and report of all monitoring activity is kept on file (and kept secret), and that regular filings on lawful and unlawful intercept and call monitoring are made to the FCC.

That same Responsible Party is the one who is tasked with making sure all information requests under the subpoena are secretly collected and formatted for sending to the requesting law enforcement agency. This responsible party is who the law enforcement agencies will contact when it is necessary to “tap into” the VoIP providers switch and or network to arrange for secure connections.

Galitzine: In your opinion, how serious is the FCC about keeping the deadline it has set? What are the penalties for noncompliance?
Giagnocavo: I have personally spoken with one of the attorneys at the Department of Justice in Washington, DC and he has spoken with the Department of Homeland Security and the FCC as well. The FCC has indicated that they are very serious about the deadlines that have been set, and that they are going to be very aggressive in enforcing the deadlines and the CALEA compliance on VoIP providers.

This is not the same type of FCC Order and compliance scenario that developed with regard to E911 for VoIP. In that case, the FCC has not yet begun to go after VoIP providers who are not in full compliance with the E911 regulations, and there have been almost no instances of fines for not complying with E911. However, CALEA involves the DOJ and all those federal law enforcement and security agencies as well as hundreds of local law enforcement agencies who also have the legal authority to ask for on-demand wire taps and call information.

Fines for not complying with CALEA are as much as $10,000 per day. The FCC and the law enforcement agencies have made it clear that “smaller VoIP providers” are not exempt. In fact, in my discussion with the DOJ, it was pointed out to me that CALEA is not at all just about gathering information on terrorist activity, but is even more about local crimes such as kidnapping, pornography rings, meth labs and so on — crimes that are planned and executed hundreds of times a day in communities across the USA.

I want to thank Gregory for his time and effort in responding to my questions. I’d also like to invite you to check out a new blog on TMCnet, authored by Scott Coleman of SS8 Networks, called Demystifying Lawful Intercept and CALEA for more information regarding this critical subject.