5 July 2006
-----------------------------------------------------------------------
[Federal Register: July 5, 2006 (Volume 71, Number 128)]
[Rules and Regulations]
[Page 38091-38111]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr05jy06-18]
=======================================================================
-----------------------------------------------------------------------
FEDERAL COMMUNICATIONS COMMISSION
47 CFR Parts 1, 22, 24, and 64
[ET Docket No. 04-295; RM-10865; FCC 06-56]
Communications Assistance for Law Enforcement Act and Broadband
Access and Services
AGENCY: Federal Communications Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This document addresses the assistance capabilities required,
pursuant to section 103 of the Communications Assistance for Law
Enforcement Act (CALEA) for facilities-based broadband Internet access
providers and providers of interconnected Voice over Internet Protocol
(VoIP). More generally, the Second Report and Order and Memorandum
Opinion and Order (Second R&O and MO&O) specifies mechanisms to ensure
that telecommunications carriers comply with CALEA. The MO&O denies in
part and grants in part a petition for reconsideration and
clarification filed by the United States Telecom Association
(USTelecom) relating to the compliance date for broadband Internet
access providers and providers of interconnected VoIP.
DATES: Effective August 4, 2006, except for Sec. Sec. 1.20004 and
1.20005, which contain information collection requirements that have
not been approved by the Office of Management and Budget. The Federal
Communications Commission will publish a document in the Federal
Register announcing the effective date of these sections.
FOR FURTHER INFORMATION CONTACT: Rodney Small, Office of Engineering
and Technology, (202) 418-2452, e-mail: Rodney.Small@fcc.gov.
SUPPLEMENTARY INFORMATION: This is a summary of the Commission's Second
Report and Order and Memorandum Opinion and Order, ET Docket No. 04-
295, FCC 06-56, adopted May 3, 2006, and released May 12, 2006. The
full text of this document is available for inspection and copying
during normal business hours in the FCC Reference Center (Room CY-
A257), 445 12th Street, SW., Washington, DC 20554. The full text of
this document also may be purchased from the Commission's copy
contractor, Best Copy and Printing, Inc., Portals II, 445 12th Street,
SW., Room CY-B402, Washington, DC 20554, telephone (202) 488-5300; fax
(202) 488-5563; e-mail at FCC@BCPIWEB.COM.
Summary of the Second Report and Order and Memorandum Opinion and Order
Overview
1. Telecommunications industry standard-setting bodies, working in
concert with law enforcement agencies (LEAs) and other interested
parties, are developing technical requirements and solutions for
facilities-based broadband Internet access providers and providers of
interconnected VoIP. We conclude that, absent the filing of a
deficiency petition under CALEA section 107(b), it would be premature
for the FCC to intervene in the standards development process.
Additionally, we permit all carriers providing facilities-based
broadband Internet access and interconnected VoIP services until May
14, 2007 to come into compliance with CALEA. Further, we require that
all carriers providing facilities-based broadband Internet access and
interconnected VoIP service to submit interim reports to the Commission
to ensure that they will be CALEA-compliant by May 14, 2007. We also
require that all facilities-based broadband Internet access and
interconnected VoIP providers to whom CALEA obligations were extended
in the First Report and Order (First R&O) in this proceeding come into
compliance with the system security requirements in our rules within 90
days of the effective date of this Second R&O.
2. More generally, we specify mechanisms to ensure that
telecommunications carriers comply with CALEA. Specifically, under the
express terms of the statute, all carriers subject to CALEA are obliged
to become CALEA-compliant. We find that sections 107(c) and 109(b) of
CALEA provide only limited and temporary relief from compliance
requirements, and that they are complementary provisions that serve
different purposes, which are, respectively: (1) Extension of the CALEA
section 103 compliance deadline for equipment, facility, or service
deployed before October 25, 1998; and (2) recovery of CALEA-imposed
costs. We also conclude that, in addition to the enforcement remedies
through the courts available to LEAs under CALEA section 108, we may
take separate enforcement action against carriers that fail to comply
with CALEA. Moreover, we conclude that carriers are generally
responsible for CALEA development and implementation costs for post-
January 1, 1995 equipment and facilities.
Background
3. In March 2004, the Department of Justice (DOJ), the Federal
Bureau of Investigation (FBI), and the Drug Enforcement Administration
(DEA) (collectively, Law Enforcement) filed with the Commission a
petition for expedited rulemaking, requesting that we initiate a
proceeding to resolve various outstanding issues associated with the
implementation of CALEA. We responded in August 2004 by issuing a
Notice of Proposed Rulemaking (NPRM) (69 FR 56976, September 23, 2004)
and Declaratory Ruling in this proceeding. The NPRM examined issues
relating to the scope of CALEA's applicability to packet-mode services,
such as broadband Internet access, and implementation and enforcement
issues.
4. In September 2005, the First R&O (70 FR 59664, October 13, 2005)
concluded that CALEA applies to facilities-based broadband Internet
access providers and providers of interconnected VoIP service, and the
concurrent Further Notice of Proposed Rulemaking (70 FR 59704, October
13, 2005) sought comment on whether CALEA obligations should be
extended to providers of other types of VoIP services and on whether
something less than full CALEA compliance should be required of certain
classes or categories of facilities-based broadband Internet access
providers. The First R&O stated: ``In the coming months, we will
release another order that will address separate questions regarding
the assistance capabilities required of the providers covered by
today's Order pursuant to section 103 of CALEA. This subsequent order
will include other important issues under CALEA, such as compliance
extensions and exemptions, cost recovery, identification of future
services and entities subject to CALEA, and enforcement.'' The Second
R&O addresses these questions and issues and specifies what
telecommunications providers must do to facilitate electronic
surveillance of their equipment, facilities, and services by LEAs,
pursuant to court orders or other lawful authorization.
5. In this Second R&O, we first examine the obligations of
facilities-based broadband Internet access and interconnected VoIP
providers to
[[Page 38092]]
implement CALEA compliance solutions under section 103 of the statute,
including solutions based on either CALEA ``safe harbor'' standards or
the use of trusted third parties (TTPs). We next examine the scope of
relief available to telecommunications carriers pursuant to CALEA
sections 107(c) and 109(b), issue new guidelines to govern the filing
and evaluation of petitions associated with those rule sections, and
dispose of pending section 107(c) petitions. Third, we address CALEA
enforcement issues, both generally and with specific regard to
facilities-based broadband Internet access and interconnected VoIP
providers, including the filing of reports by these providers to ensure
their timely compliance with the assistance capability requirements of
CALEA section 103. Fourth, we examine CALEA cost issues and specify
cost recovery mechanisms for wireline, wireless, and other
telecommunications carriers. Fifth, we specify a date for facilities-
based broadband Internet access and interconnected VoIP providers to
comply with CALEA system security requirements. Finally, we address the
CALEA compliance obligations of providers of future telecommunications
services and technologies.
A. Requirements and Solutions
6. In this proceeding, we have explored the complexity of the
technical issues regarding packet technologies to ensure that broadband
Internet access and VoIP providers can comply with CALEA and not
compromise the ability of LEAs to receive the information to which they
are entitled under the statute. Specifically, as discussed in detail,
we probed the capabilities of broadband Internet access and VoIP
providers to extract CII and provide it to LEAs under CALEA, and
inquired about compliance solutions for these providers based upon
either CALEA ``safe harbor'' standards or the use of TTPs. The record
demonstrates that Law Enforcement and industry have made progress
toward the goal of achieving successful implementation of CALEA with
regard to the deployment of packet technologies by broadband Internet
access and VoIP providers, but this is an ongoing process. Although
section 107(b) of CALEA allows the Commission, upon petition, to
establish rules, technical requirements or standards necessary for
implementing section 103 if any entity believes that industry-created
requirements or standards are deficient, CALEA clearly provides that
LEAs and industry work together in the first instance to formulate
CALEA compliance standards. Accordingly, we will continue to monitor
developments in this area as Law Enforcement and industry continue
working together, primarily through various standards organizations, to
develop long-term solutions to these complex technical issues. We also
determine that all carriers providing facilities-based broadband
Internet access and interconnected VoIP services must be in compliance
with section 103 of CALEA by May 14, 2007.
1. CALEA Obligations Under Section 103
7. Background. Section 103(a)(1) of CALEA requires
telecommunications carriers to establish the capability of providing to
LEAs call content information, pursuant to a court order or other
lawful authorization; and section 103(a)(2) of CALEA requires
telecommunications carriers to establish the capability of providing to
LEAs reasonably available CII, pursuant to a court order or other
lawful authorization. In the Second R&O, we discuss a carrier's
obligations under section 103 and compliance solutions as they relate
to broadband Internet access and interconnected VoIP services.
8. CALEA defines CII as ``dialing or signaling information that
identifies the origin, direction, destination, or termination of each
communication generated or received by a subscriber by means of any
equipment, facility, or service of a telecommunications carrier,'' but
CALEA does not define ``origin,'' ``direction,'' ``destination,'' or
``termination.'' The Commission has adopted definitions of the
component terms (origin, direction, destination, and termination) in
the statutory definition of CII in addressing petitions regarding
standards for circuit switched networks in J-STD-025. However, as noted
above, packet technologies are substantially different from the circuit
switched technologies that were the primary focus of the Commission's
earlier decisions on CALEA. Accordingly, in the NPRM, we sought comment
on whether the Commission should clarify the statutory term ``call-
identifying information'' for broadband Internet access and VoIP
services. We asked commenters to provide specific suggestions for these
definitional issues.
9. We also invited comment as to how the Commission should apply
the term ``reasonably available'' to broadband Internet access. We
observed that the Commission has previously determined that information
may not be ``reasonably'' available in circuit switched networks if the
information is accessible only by significantly modifying a network,
and further observed that cost concerns are best addressed as part of a
section 107(c) analysis. We tentatively concluded that we should apply
the same ``reasonably'' available criteria to broadband Internet access
and VoIP providers; i.e., information may not be reasonably available
to those providers if it is accessible only by significantly modifying
their networks. However, we recognized that, when looking at those
providers' service architectures, it is not always readily apparent
where CII is available. Accordingly we sought comment on these related
issues, such as instances in which CII may be reasonably available from
either a broadband Internet access provider or a VoIP provider, but not
from both. We stated that, if the information is reasonably available
from both, we would expect that both would have a CALEA obligation with
respect to that information and would work cooperatively with each
other and with the LEA to provide the LEA with all required
information.
10. Discussion. A number of parties commented generally on the
Commission's authority to intervene in the development of CALEA
technical standards. Cingular notes that the U.S. Court of Appeals for
the District of Columbia Circuit (D.C. Circuit) stated: ``* * *
Congress gave the telecommunications industry the first crack at
developing standards, authorizing the Commission to alter those
standards only if it found them `deficient.' '' Cingular and many other
parties conclude that the Commission must defer to the efforts of
industry standards bodies to formulate standards, absent the filing of
a petition under section 107(b) with the Commission.
11. With regard to the availability of CII in broadband access and
VoIP networks, commenters generally agree that different information is
available to different service providers, and that different parts of
that information are ``reasonably available'' to different service
providers. However, several parties identify situations in which, they
contend, a broadband Internet access provider would not reasonably be
able to extract CII used by non-affiliated VoIP providers. With regard
to the Commission's tentative conclusion that CII may be reasonably
available to a broadband access or VoIP provider as long as that
provider's network does not have to be significantly modified, some
parties argue that this standard is inappropriate for Internet
applications. DOJ expresses particular concern about the Commission
using cost considerations to decide what is
[[Page 38093]]
``reasonably available'' because, DOJ asserts, the Commission could
mistakenly excuse an entire class of carriers from delivering a
capability, even though only one or two carriers qualify for such
relief based on non-technical considerations. However, industry
commenters strongly disagree with DOJ regarding the exclusion of cost
considerations from a ``reasonably available'' inquiry.
12. We note the D.C. Circuit's opinion referenced by Cingular, as
well as the comments of both DOJ and the telecommunications industry
that express concern about Commission intervention in the continuing
work by Law Enforcement and industry to develop CALEA technical
standards for broadband Internet access and VoIP services. Addressing
analogous circumstances, the Court explained that such intervention
``would weaken the major role Congress obviously expected industry to
play in formulating CALEA standards.'' In the course of developing
standards for CALEA compliance by broadband Internet access and VoIP
providers, we expect that industry standard-setting bodies, working in
concert with Law Enforcement and other interested parties, will develop
an appropriate definition of ``call-identifying information'' in the
context of broadband Internet access and VoIP networks as well as an
appropriate definition of what constitutes either ``reasonable
availability'' of CII in such networks or a ``significant
modification'' of such networks. If this process proves unsatisfactory,
any interested party may submit to the Commission a deficiency petition
under CALEA section 107(b). We thus take no action on these issues at
this time.
13. The First R&O in this proceeding established a CALEA compliance
date of May 14, 2007 for newly covered entities and providers of newly
covered services. USTelecom asked that this date be extended until 18
months from the effective date of this Second R&O, and also asked the
Commission to identify specifically all broadband Internet access
services subject to the compliance date. To eliminate any possible
confusion, we conclude that the public interest will be best served by
applying the May 14, 2007 compliance date to all facilities-based
broadband Internet access and interconnected VoIP services. We agree
with USTelecom that applying the compliance date uniformly to these
services is consistent with the policy objectives identified in the
First R&O. We find that applying the same compliance dates to all
providers of facilities-based broadband Internet access and
interconnected VoIP services will avoid any skewing effect on
competition and will prevent migration of criminal activity onto
networks with delayed compliance dates.
14. One firm date establishes a clear goal for all carriers,
equipment manufacturers, and law enforcement that must cooperate in the
process of identifying, implementing and deploying solutions. One firm
date also should encourage all interested parties to move quickly to
develop solutions which, in turn, will benefit smaller carriers who
face greater challenges in complying with CALEA in the absence of
standards and the availability of compliant equipment in the
marketplace. Thus, we reject suggestions for different compliance
deadlines for VoIP and broadband Internet access services, or linking
compliance deadlines to certain events or criteria, such as the
development of standards, a Commission decision that a service provider
is subject to CALEA, or carrier size.
15. We also find that May 14, 2007 is a reasonable time period for
compliance with the section 103 requirements. We note, at the outset,
that VoIP standards for CALEA are nearing or are at completion for
various technologies. Thus, manufacturers and carriers are in a good
position to implement and deploy solutions for VoIP by that date, even
though we recognize that VoIP providers who plan a nationwide
deployment will need to incorporate a CALEA solution into numerous
routers or servers or negotiate arrangements with numerous
interconnecting carriers. We similarly conclude that providers of
broadband Internet access services should be able to comply with
section 103 by May 14, 2007. Although standards for newer broadband
Internet access technologies are yet to be developed, especially
regarding the delivery of CII, we note that full content surveillance
has already been addressed by standards groups for certain older
technologies and some carriers may be able to rely on ``passive''
techniques (e.g., using probes at certain points throughout their
network) to implement surveillance. Other factors should facilitate
carrier compliance by that date. For example, some solutions will be
software based, and thus carriers will not necessarily have the burden
of deploying new equipment to come into compliance. Further,
facilities-based broadband Internet access and VoIP services
interconnect with the public Internet and public switched telephone
network (PSTN), respectively. Thus, broadband access architectures and
protocols are compatible with standards used for the Internet and VoIP
architectures and protocols are compatible with standards used for the
PSTN, providing a foundation upon which CALEA solutions for broadband
access and VoIP services can be developed.
2. Compliance Solutions Based on CALEA ``Safe Harbor'' Standards
16. Background. In the NPRM, the Commission invited comment on a
variety of industry standards for packet-mode technologies to determine
whether any of these standards are deficient and thus preclude
carriers, manufacturers, and others from relying on them as ``safe
harbors'' in complying with section 103 of CALEA. We noted that, over
the past several years, various organizations have been developing
standards for various types of packet technologies that support a
variety of applications used in both wireline and wireless networks. We
stated that these standards could serve, pursuant to section 107(a) of
CALEA, as safe harbors for section 103 compliance by telecommunications
carriers. Section 107(a) is titled ``Safe Harbor'' and subsection
107(a)(2) provides: ``A telecommunications carrier shall be found to be
in compliance with the assistance capability requirements under section
103, and a manufacturer of telecommunications transmission or switching
equipment or a provider of telecommunications support services shall be
found to be in compliance with section 106, if the carrier,
manufacturer, or support service provider is in compliance with
publicly available technical requirements or standards adopted by an
industry association or standard-setting organization, or by the
Commission under subsection (b), to meet the requirements of section
103.'' We noted that the standards process is ongoing in several
different venues, with some standards already having undergone
modification and new ones under development, and that compliance with a
safe harbor standard is not required by CALEA.
17. In the NPRM, we also noted Law Enforcement's assessment that
packet-mode standards that have been published are deficient. We stated
our belief that underlying this assessment are Law Enforcement's
assumptions that the definition of CII can be clearly applied to packet
networks, that information so identified is ``reasonably available'' to
the carrier, and that the provision of the information to LEAs by the
carrier is ``reasonably achievable.'' We further noted that the
Telecommunication Industry Association disagrees with Law Enforcement's
assessment. We asked
[[Page 38094]]
parties to comment on industry standards for packet-mode technologies
in an attempt to determine whether any of these standards are deficient
and thus preclude carriers, manufacturers, and others from relying on
them as safe harbors in complying with section 103. We made clear,
however, that we did not intend to inhibit the ongoing work by
standards organizations, carriers, and manufacturers to develop and
deploy CALEA-compliant facilities and services. We recognized that
CALEA provides that carriers and others may rely on publicly available
technical requirements or standards adopted by an industry association
or standard-setting organization to meet the requirements of section
103, unless the Commission takes specific action in response to a
petition.
18. In the NPRM, therefore, we invited comment as to whether there
is any need to define what constitutes publicly available technical
requirements or standards adopted by an industry association or
standard-setting organization, and sought comment regarding the
appropriateness of available standards and specifications to be used as
safe harbors for packet-mode technologies for purposes of CALEA. We
observed that it appears that any group or organization could publish a
set of technical requirements or standards and claim it to be a safe
harbor, and we requested comment on whether we should define what
constitutes publicly available technical requirements or standards
adopted by an industry association or standard setting organization. We
also sought comment on the appropriate format to be used for the
transmission of CII data to LEAs. We noted that, when broadband
telephony (including VoIP) CII is provided to LEAs, they may have
concerns with the format of the electronic interface used to provide
the CII. We requested comment on whether the CII should be converted
into a format preferred by LEAs.
19. Discussion. No specific deficiencies in any packet-mode
standard were cited by any commenter. Rather, there was a consensus to
allow the standards process to proceed and to resolve issues with
deficiency petitions. In fact, both industry commenters and DOJ note
the appropriateness of this process. Further, industry commenters
observe that Law Enforcement has not filed a deficiency petition with
respect to any packet-mode standard. Similarly, with regard to whether
the Commission should seek to determine the industry bodies that are
appropriate to generate safe harbor standards, there is broad consensus
in the record that we should not. Finally, with regard to the issue of
the format of CII to be provided to LEAs, there was a difference of
opinion among commenters as to whether a single format is appropriate,
but no one recommended that the Commission determine this issue in
advance of industry.
20. We found that it would be premature for the Commission to pre-
empt the ongoing industry process to develop additional standards for
packet-mode technologies. We believe that industry organizations, whose
meetings are generally open to all interested parties--including LEAs--
can best develop those standards, just as they previously developed
circuit switched standards. Further, given the diversity of
technologies supporting communications services and the breadth of
organizations involved both domestically and internationally in
developing packet-mode standards, we find it both infeasible and
inappropriate to specify the organizations qualified to develop
standards that may be used as ``safe harbors.'' Finally, we find no
reason to become involved at this time in the technically complex issue
of determining the appropriate format to be used for the transmission
of broadband CII data to LEAs. Rather, for all of these technical
issues, we find that the industry standards process remains the
preferred forum. We note again, however, to the extent that any party
perceives a problem with an industry developed packet-mode standard, it
may file with the Commission a deficiency petition under section 107(b)
of CALEA.
3. Compliance Solutions Based on a Trusted Third Party
21. Background. In the NPRM, we sought comment on the feasibility
of using a TTP approach to extract CII and content from packets. Under
this approach, a TTP would operate a service bureau with a system that
has access to a carrier's network equipment and remotely manage the
intercept process for the carrier. We noted that the TTP could either
rely on a mediation device to collect separated call content and CII
from various points in the carrier's network and deliver the
appropriate information to a LEA, or could rely on an external system
to collect combined call content and CII and deliver appropriate
information to the LEA. In the NPRM, we focused on the external system
approach which, we noted, could analyze the combined information and
provide the LEA only that information to which it is entitled. We
sought comment on whether an external system would be an efficient
method to extract information from packets. We stated that external
systems might provide economies of scale for small carriers, and asked
about the approximate relative costs of internal versus external
systems for packet extraction.
22. The record indicates that TTPs are available to provide a
variety of services for CALEA compliance to carriers, including
processing requests for intercepts, conducting electronic surveillance,
and delivering relevant information to LEAs. Given the effectively
unanimous view of commenters that the use of TTPs should be permitted
but not required, we conclude that TTPs may provide a reasonable means
for carriers to comply with CALEA, especially broadband access and VoIP
providers and smaller carriers. We emphasize, however, that if a
carrier chooses to use a TTP, that carrier remains responsible for
ensuring the timely delivery of CII and call content information to a
LEA and for protecting subscriber privacy, as required by CALEA. Thus,
a carrier must be satisfied that the TTP's processes allow the carrier
to meet its obligations without compromising the integrity of the
intercept. Carriers will not be relieved of their CALEA obligations by
asserting that a TTP's processes prevented them from complying with
CALEA. We note DOJ's concern about carriers attempting to use TTPs to
shift costs to LEAs, but we make no decision here that would allow
carriers who choose to use a TTP to shift the financial responsibility
for CALEA compliance to the Attorney General under section 109 (see
discussion on cost recovery, in the Second Report and Order). We will
evaluate whether the availability of a TTP makes call-identifying
information ``reasonably'' available to a carrier within the context of
section 103 in acting on a section 109 petition that a carrier may file
(see discussion on section 109 petitions, in the Second Report and
Order). As noted by several commenters, telecommunications carriers and
manufacturers have legally-mandated privacy obligations, and we take no
action herein to modify those obligations based on potential broadband
access and VoIP provider use of TTPs. Finally, in accord with the
consensus of comments, we will defer to standards organizations and
industry associations and allow them to determine the degree to which
the ability of a TTP external system to extract and isolate CII makes
that information reasonably available for purposes of defining CALEA
standards and safe harbors.
[[Page 38095]]
B. Sections 107(c) and 109(b) Petitions
23. In the Second Report and Order, we address the scope of relief
available to telecommunications carriers pursuant to CALEA sections
107(c)(2) and 109(b); clarify guidelines to govern the filing and
evaluation of petitions filed under these two sections; and dispose of
pending section 107(c)(2) petitions. Under the express terms of the
statute, all telecommunications carriers subject to CALEA must comply
with its mandate. Sections 107(c) and 109(b) provide only limited and
temporary relief from CALEA compliance requirements; they are
``complementary provisions that serve different purposes.''
24. Due to the time limitations set forth in the CALEA statute,
telecommunications carriers may not use section 107(c)(1) to obtain
extensions of the compliance deadline in connection with most packet
services. We find that it would be inconsistent with the express time
limitations of section 107(c) for the Commission to grant 107(c)
extension relief to equipment, facilities or services deployed after
the effective date of CALEA pursuant to other CALEA provisions, section
229 of the Communications Act, or section 706 of the Telecommunications
Act of 1996. We also find that, to obtain section 109(b)(1) relief, in
connection with a given assistance capability requirement under section
103, a telecommunications carrier must demonstrate that it undertook
active and sustained efforts to come into compliance with that
requirement, and that compliance could not reasonably be achieved
without ``significant difficulty or expense.'' As a result,
telecommunications carriers filing section 109(b) petitions face a high
burden to obtain relief.
25. In the case of packet-mode compliance requirements addressed in
this Second R&O, we expect that telecommunications carriers will work
diligently until the end of the 18-month compliance period, established
in the First R&O, to implement an appropriate packet-mode CALEA
solution. Once the compliance period expires, telecommunications
carriers seeking relief pursuant to section 109(b) will be expected to
document the efforts they undertook throughout the 18-month compliance
period to achieve CALEA compliance and to demonstrate how the solution
for which they wish to receive cost recovery relief constitutes a
``significant difficulty or expense.'' Because section 109(b) is not a
compliance extension device, however, the filing of a section 109(b)
petition will not, by itself, toll the compliance date.
26. Specifically, in this section, we find that:
Section 107(c)(1) may not be used by telecommunications
carriers seeking extensions for equipment, facilities, and services
(hereinafter ``facilities'') deployed on or after October 25, 1998 (the
effective date of the CALEA section 103 and 105 requirements).
Section 109(b)(1) does not itself authorize the Commission
to grant a telecommunications carrier an extension of the CALEA
compliance deadlines.
Section 109(b)(1) imposes a high burden of proof for
telecommunications carriers to demonstrate that they made reasonable
efforts to develop CALEA solutions and that none of them are reasonably
achievable. In the absence of CALEA compliance standards or industry
solutions, a petitioner must demonstrate that it exercised a high
degree of due diligence in order to develop its own solution, but was
unable to implement this solution because of a ``significant difficulty
or expense.''
Office of Management and Budget (OMB) approval of the
paperwork collection requirements of this Second Report and Order is
required. Once approval is received, we will issue a public notice
setting forth a deadline that will require all telecommunications
carriers who have pending section 107(c)(1) petitions currently on file
with the Commission to inform the Commission whether, pursuant to our
actions taken here, such petitions concern ``equipment, facilities, or
services'' deployed prior to October 25, 1998.
Once OMB approval is received, we will issue a public
notice setting forth a deadline that will require all
telecommunications carriers providing facilities-based broadband
Internet access or interconnected VoIP services to file monitoring
reports with the Commission that briefly describe steps that they are
taking to come into compliance with CALEA section 103. We also will
issue a public notice to notify carriers of OMB approval of paperwork
collection requirements for filing petitions under sections 107(c) and
109(b).
1. Section 107(c)(1) Relief
a. Section 107(c)(1) Does Not Apply to Any Equipment, Facility, or
Service Deployed On or After October 25, 1998
27. We adopt our tentative conclusion that section 107(c)(1)'s
unambiguous language expressly limits extensions to cases where the
petitioning telecommunications carrier proposes to install or deploy,
or has installed or deployed, its `` `equipment, facility, or service
prior to the effective date of section 103 * * *,' i.e., prior to
October 25, 1998.'' Given this limitation, a section 107(c) extension
is not available to cover equipment, facilities, or services installed
or deployed on or after October 25, 1998. Commenters failed to present
any other reasonable way to read this section, and we reject arguments
by commenters that the Commission should nonetheless ignore Congress's
limited grant of authority to entertain CALEA extension petitions and
look to other statutes for authority to grant extensions for facilities
deployed after Congress's cut-off date.
28. We reject commenters' argument that the Commission could
entertain extension petitions pursuant to statutes other than section
107(c), including CALEA section 109(b)(1) and section 706 of the
Telecommunications Act of 1996. While we agree that section 107(c)(1)
does not appear to prohibit the Commission from exercising authority
under another statute, we find it unlikely that Congress intended the
Commission to do so. The language of section 107(c)(1) is very specific
as to what equipment, facilities, and services are covered. Congress
determined that, effective October 25, 1998, telecommunications
carriers should incorporate a CALEA compliance plan into the design of
any new facilities deployments in so far as they are not exempt from
CALEA. To the extent that, in hindsight, after exercising due
diligence, a specific CALEA compliance plan was not reasonably
achievable due to a ``significant expense'' or ``significant harm,''
telecommunications carriers could then seek relief pursuant to section
109(b)(1). Therefore, in designing sections 107(c)(1) and 109(b)(1),
Congress appears to have balanced carefully what it found to be a
reasonable compliance period against a firm deadline for CALEA
compliance. If Congress had intended for the Commission to continue
granting extension petitions after October 25, 1998, we find it
unlikely that Congress would have placed the time limitations in
section 107(c)(1).
29. To interpret other statutes to grant the Commission CALEA
extension authority would undermine Congress's intent that, after a
reasonable compliance period, all telecommunications carriers would
comply with their lawful CALEA obligations. Thus, we reject commenters'
arguments that CALEA
[[Page 38096]]
section 109(b)(1), section 706 of the Telecommunications Act of 1996,
and section 229(a) of the Communications Act provide the Commission
with authority to grant extension petitions for facilities deployed on
or after October 25, 1998. First, although we believe that the
Commission has broad discretion under CALEA section 109(b)(1)(K) to
impose conditions on relief granted by that section, we disagree with
Global Crossing that the Commission should use that section to grant
extension relief given the express limitation in section 107(c)(1).
Second, we disagree with OPASTCO that the Commission should employ
section 706 as overriding statutory authority, because we find that
section 706's directive that the Commission encourage the deployment of
``advanced telecommunications capability'' is consistent with a
criterion that the Commission must examine in a section 109(b)(1)
petition. Because section 109(b)(1) directs the Commission to balance
this one policy objective against 10 other factors, we decline to rely
solely on one factor to the exclusion of all others. Third, we disagree
with commenters who argue that the Commission has broad authority to
entertain extension petitions under section 229(a) of the
Communications Act, which is the provision that grants the Commission
authority to implement CALEA. We believe that, where Congress has
specifically limited Commission extension authority in the CALEA
statute itself, it would be inappropriate to employ section 229(a) to
nevertheless find this authority.
b. Contents of Section 107(c)(1) Petitions
30. We note that participation in the FBI's Flexible Deployment
Program has permitted even small and rural telecommunications carriers
to work with LEAs to develop circuit-mode CALEA compliance solutions.
Packet-mode telecommunications carriers, however, are still in a much
earlier stage of CALEA deployment. Our finding today that section
107(c)(1) is not available for facilities deployed on or after October
25, 1998 will compel most of these telecommunications carriers to
implement CALEA compliant solutions. To the extent that
telecommunications carriers deployed packet-mode facilities prior to
this date, we expect those telecommunications carriers to follow the
guidelines set forth below for section 107(c)(1) petitions.
31. Telecommunications carriers that deployed circuit-mode
facilities prior to October 25, 1998. For this class of
telecommunications carriers, we adopt the NPRM's proposal that
petitions contain (1) an explanation for why an extension is necessary,
(2) a compliance plan setting forth specific dates for compliance no
later than two years after the petition's filing date, (3) a
description of petitioner's ``due diligence'' attempts to become CALEA
compliant since June 30, 2002, and (4) information satisfying the
information requests attached in Attachment F of the Second Report and
Order. Such information will enable us to better evaluate whether a
telecommunications carrier merits an extension. We decline to adopt our
tentative proposal that a circuit-mode telecommunications carrier that
participates in the FBI's Flexible Deployment Program should be deemed
de jure to meet the section 107(c)(1) standard. Upon consideration of
its comments, we agree with DOJ that section 107(c) requires more than
enrollment in Flex Deployment. We will consider enrollment plus the
other items included in our instructions in determining whether section
107(c) relief is appropriate. As in the past, upon the filing of a
section 107(c)(1) petition, we will continue to grant a provisional
extension for a period of two years unless or until we issue an order
that states otherwise.
32. We reject assertions that our section 107(c)(1) approach is
overly burdensome. We interpret section 107(c)(1) so that
telecommunications carriers may minimize the statutory burden
themselves if they proactively seek CALEA solutions. Commenters argue
that telecommunications carriers, especially small ones, face
particular challenges, including, for example, lack of clout to
negotiate with manufacturers and lack of resources. We find that
section 107(c) allows us to take into account the particular situation
of a telecommunications carrier, including its bargaining power and
financial resources, when analyzing whether CALEA compliance is ``not
reasonably achievable through application of technology available
within the compliance period.''
33. Telecommunications carriers that deployed packet-mode
facilities prior to October 25, 1998. We adopt the NPRM's proposal
that, to obtain an extension of time, a packet mode telecommunications
carrier must provide documentation setting forth (1) an explanation why
an extension of time is necessary, (2) a compliance plan including
specific dates for compliance no later than two years after the
petition's filing date, (3) a description of petitioner's ``due
diligence'' attempts to become CALEA compliant since November 19, 2001,
i.e., the date mandated for packet-mode CALEA compliance by the
Commission's September 28, 2001 Public Notice, and (4) information
satisfying the information requests in Attachment F of the Second
Report and Order. Other than arguments of burden, commenters failed to
provide convincing evidence or arguments to show why the Commission
should depart from its proposal in the NPRM.
2. Section 109(b)(1) Relief
34. We affirm the NPRM's tentative conclusions that ``Congress
anticipated that section 109(b)(1) would be used in extraordinary cases
by telecommunications carriers facing particularly high CALEA-related
costs and difficulties.'' We first describe the scope of relief granted
under section 109(b)(1) and its relationship to other CALEA provisions.
Second, we find that a petitioner must meet a high burden of proof to
satisfy section 109(b)(1) and may not use the absence of available
solutions as the sole basis for section 109(b)(1) relief. Third, we
find that a petitioner must exercise due diligence to present a
specific solution or a pathway designed to reach a specific solution.
Finally, we explain how we will weigh section 109(b)(1)'s eleven
factors in evaluating a petition.
a. Scope of Section 109(b)(1) Relief and Its Relationship to Other
CALEA Sections
35. Section 109(b)(1) relief shifts the burden of paying for a
specific CALEA solution to DOJ. Section 109(b)(1) is a mechanism for a
telecommunications carrier to recover CALEA compliance costs from DOJ
if the telecommunications carrier can demonstrate that compliance with
CALEA capability requirements is not ``reasonably achievable.'' Section
109(b)(1) defines ``reasonably achievable'' to mean that compliance
would impose a ``significant difficulty or expense'' on the
telecommunications carrier. If the Commission grants a section
109(b)(1) petition, the only relief that a telecommunications carrier
receives is the following: the telecommunications carrier may, pursuant
to section 109(b)(2)(A), request DOJ to pay for the additional
reasonable costs for making CALEA compliance reasonably achievable. DOJ
may then agree to pay for these costs. If DOJ declines to pay for these
costs, then the telecommunications carrier ``shall be deemed to be in
compliance'' with the capability requirements for the equipment,
facilities, and/or services that were the subject of the section
109(b)(1) petition.
[[Page 38097]]
36. Section 109(b)(1) neither compels a telecommunications carrier
to adopt a specific CALEA solution nor requires DOJ to pay for the
telecommunications carrier's preferred solution. As discussed above,
under section 103, a telecommunications carrier is entitled to
implement whatever solution it believes best suits its network needs.
However, to recover costs from DOJ, a telecommunications carrier must
satisfy the obligations set forth in section 109(b)(1). This means that
the telecommunications carrier must demonstrate that compliance would
impose a significant difficulty or expense. If there is a reasonable
means of compliance available, even if it is not the telecommunications
carrier's preferred solution, then the Commission may find that a less
expensive, alternative solution would not impose a significant
difficulty or expense and deny the petition. Section 109(b)(1) makes no
reference to the solution preferences of a telecommunications carrier--
rather it focuses on whether compliance with section 103 would impose a
``significant difficulty or expense.'' A telecommunications carrier
that fails to make this showing may not request payment from DOJ. If,
on the other hand, the Commission finds that compliance is not
reasonably achievable within the meaning of section 109(b), DOJ has the
option to pay the appropriate costs of whatever compliance solutions
DOJ deems appropriate.
37. Section 109(b)(1) relief terminates when the equipment,
facilities or services undergo a substantial replacement, modification
or upgrade. A section 109(b)(1) petition must explain with specificity
the equipment, facility, or service for which the petitioner seeks
relief. The Commission's order granting section 109(b)(1) relief will
specify what equipment, facility, and/or service is covered by the
order. Once that equipment, facility, or service is replaced,
significantly upgraded or otherwise undergoes major modification, the
carrier is no longer relieved of its CALEA obligations and the
replacement must comply with section 103. To obtain section 109(b)(1)
relief for the modified equipment, the telecommunications carrier would
have to file a new section 109(b)(1) petition.
38. Section 109(b)(1) relief does not include extensions of time.
Section 109(b)(1) is a cost recovery vehicle. Section 107(c)(1) is the
CALEA provision that addresses extensions of time. Congress determined
that telecommunications carriers cannot seek extension relief for
facilities deployed on or after October 25, 1998.
b. The Section 109(b)(1) Burden of Proof
39. We affirm the NPRM's tentative conclusion that a
telecommunications carrier faces a high burden of proof in order to be
relieved of its obligations to pay for CALEA compliance. Specifically,
section 109(b)(1) requires a petitioner to demonstrate, with respect to
each section 103 assistance capability requirement for which it seeks
relief, that it has examined all possible solutions and that all of
these solutions would impose a significant difficulty or expense on the
petitioner. This means that if the Commission is aware of a CALEA
solution that the telecommunications carrier has not explored and
covered in its petition, the Commission will likely dismiss the section
109(b)(1) petition as prima facie insufficient. In its petition, the
telecommunications carrier must explain with specificity the possible
CALEA solution and the significant difficulty or expense that that
solution would impose on the telecommunications carrier so that the
Commission and later DOJ may render their respective determinations,
under sections 109(b)(1) and 109(b)(2)(A). We adopt the tentative
conclusion in the NPRM that telecommunications carriers may not rely
solely on the absence of industry standards and solutions under section
109(b)(1)(K) as a basis for section 109(b)(1) relief.
40. We further adopt our tentative conclusion that a section
109(b)(1) petition must seek relief for ``precisely identified
`equipment facilities, or services.' '' In this regard, a petitioner
must describe with specificity how, in its due diligence, the
telecommunications carrier made reasonable efforts to identify a
specific solution or a pathway to a specific solution. Without this
showing, the Commission will have no factual basis to evaluate whether
a telecommunications carrier has satisfied the requirements of section
109(b).
41. In addition, to the extent that multiple solutions to a
particular CALEA capability requirement exist, the petitioner must
demonstrate that it would suffer significant difficulty or expense if
it were to implement any of them. We believe that the statute requires
this showing for at least two reasons. First, the inquiry under section
109(b)(1) is whether CALEA compliance imposes a specific harm, not
whether a telecommunications carrier is unable to institute its
solution of choice. If alternative, less expensive solutions exist that
are reasonably achievable, then the telecommunications carrier is not
entitled to a section 109(b)(1) determination that CALEA compliance
would impose a significant difficulty or expense. Second, it would be
unreasonable to read the statute to require DOJ to pay the costs for a
more expensive solution if a less expensive solution exists. If
multiple solutions exist, DOJ should have the option to pay for the
least expensive one available.
c. Petitioner Due Diligence Requirement
42. In the NPRM, the Commission tentatively concluded that section
109(b)(1) petitioners will be expected to demonstrate active and
sustained efforts at developing and implementing CALEA solutions for
their operations, i.e., regardless of whether CALEA solutions for
packet-mode are generally available. We explained this ``due
diligence'' showing as requiring petitioners to submit detailed
information about discussions and negotiations with switch
manufacturers, other equipment manufacturers, and TTPs, both before and
after the FBI announced the termination of the Flexible Deployment
Program in connection with packet-mode technology. We tentatively
concluded that unless we are persuaded that petitioners have engaged in
sustained and systematic negotiations with manufacturers and third-
party providers to design, develop, and implement CALEA solutions, we
should reject submitted petitions.
43. Many commenters disagreed with our analysis and conclusions,
but none persuasively demonstrated that section 109(b)(1) excludes
consideration of due diligence and none persuaded us that consideration
of due diligence is unnecessary for a proper interpretation and
application of section 109(b)(1). Basically, the due diligence
requirement is necessary to ensure that telecommunications carriers
demonstrate the showing required by section 109(b)(1). Section
109(b)(1) requires the Commission to determine, upon petition, whether
compliance with section 103 is reasonably achievable for ``any
equipment, facility, or service installed or deployed after January 1,
1995.'' Unless the evidence demonstrates that the petitioner has
comprehensively considered how to become compliant with CALEA section
103, it would be difficult for the Commission to conclude that section
103 compliance is not reasonably achievable. Simply put, the evidence
must demonstrate that alternative solutions were not reasonably
achievable.
44. To meet this requirement, the petitioner may need to compare,
for
[[Page 38098]]
example, the cost of making annual payments to a TTP for a CALEA
service for a number of years to the cost of purchasing equipment and/
or systems up front that enable the petitioner to meet CALEA capability
requirements themselves. Some solutions may include both elements:
leasing capabilities and buying equipment. In addition, the petitioner
may also seek to include recurring CALEA-specific operations costs in
the cost calculation. Thus, it is necessary to capture the impact of
delayed vs. immediate expenditures in calculating the total cost of any
solution, and to express the cost of alternative solutions in
comparable dollars. A calculation of the (net) present value or present
worth of expenditures of the solution is a recognized way to accomplish
this dual purpose.
45. Our analysis and conclusions here do not compel
telecommunications carriers to adopt any particular ``equipment,
facility, service, or feature'' or ``any specific design of equipment,
facilities, services, features, or system configurations.'' Service
providers are free to configure and build their systems any way they
choose. But a service provider that seeks cost recovery relief pursuant
to section 109(b)(1) must demonstrate that CALEA compliance per se is
not reasonably achievable. A petition must include persuasive evidence
that the petitioner cannot afford to achieve compliance through network
upgrades or equipment retrofits. It must include a demonstration that
the petitioner's preferred CALEA solution is not reasonably achievable
and that no alternative CALEA solution is reasonably achievable,
including alternative manufacturer-provided service packages, services
provided by TTPs, and sharing arrangements with other service
providers.
46. A due diligence showing is particularly necessary to enable us
to consider whether section 109(b)(1) relief is appropriate in cases
where CALEA standards have not been developed and/or CALEA solutions
are not generally available. We reject the idea that we may grant
section 109(b)(1) relief merely because standards have not been
developed or solutions are not generally available. We therefore adopt
our tentative conclusion that the requirements of section 109(b)(1)
would not be met by a petitioning telecommunications carrier that
merely asserted that CALEA standards had not been developed, or that
solutions were not readily available from manufacturers.
47. Nevertheless, we emphasize that section 109(b)(1)'s due
diligence analysis is fact-specific and will take into account, for
example, the resources of the petitioner. We recognize that some
telecommunications carriers, particularly small telecommunications
carriers, may conclude that they cannot afford the efforts required to
develop their own solutions. Thus, for example, a small rural
telecommunications carrier might provide evidence that the lack of
industry standards and solutions, coupled with its lack of financial
resources, would justify a finding that the small telecommunications
carrier had met its due diligence requirements by proffering only one
solution, so long as it is a bona fide solution.
48. We expect that significant progress in developing CALEA
standards and solutions for broadband Internet access and
interconnected VoIP services will be achieved during the 18-month
compliance period. We expect that few if any petitioners could
successfully demonstrate the due diligence necessary to support a
section 109(b)(1) petition until the close of the transition. We in
fact expect broadband Internet access and interconnected VoIP providers
to utilize that transition period as an opportunity to promote the
development of CALEA standards and solutions. Failure to utilize this
opportunity, or to document steps taken to promote CALEA compliance
throughout the transition period, will seriously damage a petitioner's
chances of obtaining section 109(b)(1) relief.
d. Section 109(b)(1)'s Eleven Criteria
49. In determining whether a telecommunications carrier has
successfully demonstrated that compliance with a CALEA section 103
assistance capability requirement is not reasonably achievable pursuant
to section 109(b)(1), the Commission must examine the 11 statutory
criteria set out in section 109(b)(1). We affirm the Commission's
tentative conclusion in the NPRM that the Commission need not weigh
equally all 11 criteria, and its tentative conclusion that we should
assign greater weight to national security and public safety-related
concerns. We also conclude that we should require petitioners to
include in their showing precisely identified CALEA section 103
capability requirements and ``equipment, facilities, or services'' for
which relief is sought. We affirm our finding in the NPRM that under
the requirements of section 109(b)(1)(B) and 109(b)(1)(D), petitioners
must include a thorough analysis of precisely identified costs to
satisfy CALEA obligations, as well as their effects on local service
ratepayers, where relevant; general allegations that projected costs
were ``too high'' or unreasonably burdensome will not suffice. We
direct parties' attention to the cost discussion in the previous CALEA
Second Report and Order in CC Docket No. 97-213 and we reaffirm our
determination there that costs not directly related to CALEA compliance
may not be included in section 109(b) petitions.
50. To provide further guidance as to how the Commission will apply
consideration of the eleven section 109(b)(1) evaluative criteria in
particular cases, we provide the discussion set out below. We
nevertheless caution interested persons that these guidelines are
intended to provide general guidance only. The Commission will examine
each section 109(b) petition based on the facts contained therein and
in the context of a specific analysis of national security factors and
other factors that exist at that time. Section 109(b(1) directs the
Commission to examine the following criteria:
(A) ``The effect on public safety and national security.'' Because
the purpose of the CALEA statute is to ensure public safety and
national security, this criterion is critically important. In a
particular case, the Commission will consider all relevant evidence
submitted by LEAs per this criterion, as well as recommendations about
how this criterion should be applied to submitted evidence and what
weight should be assigned to such evidence in our particular
deliberations. We will also consider all relevant evidence submitted by
a petitioner, including evidence about the number of electronic
surveillance requests it has received from LEAs for the five (5) year
period prior to submission of its section 109(b) petition. We will
consider this latter evidence in connection with evaluating application
of the instant criterion as well as evaluating other, cost-related
criteria set out in section 109(b)(1)(A) through (K).
(B) ``The effect on rates for basic residential telephone
service.'' Application of this factor affects only evaluation of
section 109(b) petitions submitted by residential telephone service
providers subject to the Commission's Part 36 regulation. Its relevance
will be decisively affected by how the Commission decides to implement
jurisdictional separations policy pursuant to the directive set out in
47 U.S.C. 229(e)(3).
(C) ``The need to protect the privacy and security of
communications not authorized to be intercepted.'' A petitioner must
submit persuasive
[[Page 38099]]
evidence why solution(s) described in its petition could not protect
the privacy and security of customer communications. In instances where
the petition presents evidence about TTP services, the petitioner must
present persuasive evidence that the TTP(s) cannot or will not provide
privacy and security protection.
(D) ``The need to achieve the capability assistance requirements of
section 103 by cost-effective methods.'' A petitioner must submit
persuasive evidence showing that all identified solutions, including
those provided by equipment vendors and other manufacturers, TTPs, or
solutions that the petitioner proposes to develop for itself, would
impose a significant ``difficulty or expense'' within the meaning of
the statute. In the event that there is no industry standard or
available market solution at the time that a telecommunications carrier
files its petition, the telecommunications carrier would need to
demonstrate that implementation of its own proposed solution would
impose a significant expense.
(E) ``The effect on the nature and cost of the equipment, facility,
or service at issue.'' In addition to the cost showing described in
paragraph (D), the petitioner must submit persuasive evidence
demonstrating some adverse effect on its facilities.
(F) ``The effect on the operation of the equipment, facility, or
service at issue.'' In addition to the cost showing in paragraph (D),
the petitioner would need to demonstrate a specific adverse effect on
its operations.
(G) ``The policy of the United States to encourage the provision of
new technologies and services to the public.'' The petitioner must
submit persuasive evidence demonstrating that CALEA requirements were
preventing it from deploying a specifically identified new technology
or service, and/or persuasive evidence that imposing CALEA requirements
would require it to take a technology or service off the market.
(H) ``The financial resources of the telecommunications carrier.''
A showing under this factor would be similar to the showing under
factor (D). The petitioner must present financial resource
documentation, including current balance sheets and a complete analysis
of debt and equity financing resources that are available. If the
particular petitioner is a small and rural telecommunications carrier,
this must include a description and analysis of all funding and loan
guarantee sources available from state and federal assistance programs.
Where relevant, all telecommunications carriers must provide evidence
showing how state and local regulation affects the availability or use
of its financial resources. For example, telecommunications carriers
regulated by state Public Utility Commissions should describe in detail
how Commission-approved depreciation schedules can be modified to
provide for capital equipment acquisition on terms more favorable than
currently negotiated and approved terms, or provide evidence that such
schedules cannot be modified. Per this criterion, the petitioner must
submit persuasive evidence that demonstrates that its current financial
resources and financial resources generally available to it are not or
would not be sufficient to prevent the imposition of ``significant
difficulty or expense'' as defined by CALEA section 109(b)(1).
(I) ``The effect on competition in the provision of
telecommunications services.'' Under this factor, the petitioner would
need to submit persuasive evidence that demonstrate a specific and
quantifiable harm.
(J) ``The extent to which the design and development of the
equipment, facility, or service was initiated before January 1, 1995.''
This factor is self-explanatory. In most if not all cases, it will not
apply to facilities-based broadband Internet access and interconnected
VoIP.
(K) ``Such other factors as the Commission determines are
appropriate.'' This provision enables the Commission to evaluate
factors that may arise on a case by case basis, that were difficult for
Congress to predict when enacting the statute, and are difficult for
the Commission to predict during a rulemaking.
51. Attachment E of the Second Report and Order sets forth filing
instructions explaining the specific information telecommunications
carriers should include in their section 109(b) petitions. Attachment E
of the Second Report and Order reflects the proposal in the NPRM,
consideration of the record in this proceeding, and our further
analysis herein of the statute's requirements.
52. Some small telecommunications carriers have urged us to allow
telecommunications carriers filing section 109(b)(1) petitions to pool
their applications under one general application petition and, as a
result, more efficiently present common arguments and save the costs of
submitting individual petitions, each of which would be assessed the
$5200 filing fee. We conclude that this is inappropriate given the
requirements imposed by section 109(b)(1). Section 109(b)(1) requires a
detailed presentation of evidence that section 103 compliance is not
reasonably achievable. Petitioners are required to submit evidence that
demonstrates this in connection with precisely identified services,
equipment, and facilities. These will differ from carrier to carrier.
Additionally, petitioners are required to identify cost and financial
resources information that is detailed and highly telecommunications
carrier-specific. Even if we were to accept jointly pooled section
109(b)(1) petitions, we would, by operation of the statute, need to
separate each separate telecommunications carrier petition for
individual assessment. This individual assessment will impose
predictable costs.
3. Confidential Treatment of Section 107(c)(1) and Section 109(b)(1)
Petitions
53. In addition to highly sensitive cost and financial resources
information, section 107(c)(1) and section 109(b)(1) petitions are
likely to contain specific information regarding the inability of
telecommunications equipment, facilities, and services to comply with
CALEA standards. The facts underlying discrete section 107(c) and
section 109(b) adjudicatory proceedings could also involve highly
sensitive information about LEA activities. We therefore believe that
section 107(c) and section 109(b) filings would be entitled to
confidential treatment under the Freedom of Information Act (FOIA) and
the Commission's rules. Accordingly, we direct petitioners to file
their petitions under a general claim of confidential or proprietary
protection, subject only to scrutiny by the Commission and the Attorney
General who is consulted in section 107(c) adjudications and is a party
to all section 109(b) adjudications. Petitioning telecommunications
carriers are not required to request separately confidential treatment
for the information submitted in their petitions. However, petitioners
must mark the top of each page of their petitions: ``Confidential--Not
for Public Inspection.'' We further conclude that, pursuant to section
0.457(g) of the Commission's rules, the information provided by
telecommunications carriers in these CALEA proceedings will not be made
routinely available for public inspection. No commenter disagrees with
this approach.
4. Monitoring Reports
54. In its Petition, Law Enforcement requested that the Commission
impose a new compliance regime consisting of standardized CALEA
compliance
[[Page 38100]]
benchmarks for packet technologies. Under this proposal, limited
compliance extensions generally would be granted only if providers of
services that use packet technologies agreed to meet the proposed
benchmarks. Most LEAs supported this proposal; nearly everyone else
opposed it as exceeding or contravening the explicit terms of the
statute. We decline at this time to adopt the Law Enforcement benchmark
proposal. As we stated in the NPRM, we conclude that the interpretation
of CALEA that we adopt in this Second R&O, particularly of CALEA
sections 107(c) and 109(b), will better promote law enforcement's
stated objective that all telecommunications carriers should become
compliant with CALEA requirements as soon as possible.
55. Nevertheless, we share Law Enforcement's general concern that
telecommunications carriers timely comply with CALEA for packet
technologies. In the past, telecommunications carriers' progress in
complying with CALEA for packet technologies was effectively monitored
in two ways: by the FBI when it administered a Flexible Deployment
program for packet technology, and by the Commission in administering
section 107(c) extension petitions. The FBI's Flexible Deployment
program no longer applies to packet technology and, as a consequence of
our decision here, few telecommunications carriers will be able to seek
extensions under section 107(c). With information from these programs
no longer available, the Commission will have difficulty identifying,
with sufficient forewarning, impediments to timely compliance and will
have little opportunity to assist the industry, as appropriate, in
achieving timely compliance. We thus conclude that all
telecommunications carriers providing facilities-based broadband
Internet access or interconnected VoIP services shall file a monitoring
report with the Commission which will help the Commission ensure that
providers of services that use packet technologies become CALEA
compliant expeditiously. Specifically, with respect to facilities-based
broadband Internet access providers and interconnected VoIP providers,
we believe that a monitoring report will better ensure that they are
able to meet the May 14, 2007 CALEA compliance deadline. A sample
monitoring report (Form XXX) is provided in Attachment G of the Second
Report and Order. These monitoring reports are separate and distinct
from any section 107(c) or section 109 filings that a
telecommunications carrier may choose to make, and will not be
considered substitutes for seeking relief under those provisions.
56. Accordingly, we specify the following procedure for these
monitoring reports. Once OMB approves the new paperwork collection
requirements of this Second R&O, we will issue a public notice setting
forth a deadline that will require that providers of all such services
to submit to the Commission a completed Form XXX, briefly describing
the status of its compliance for each service based on packet
technology, e.g., whether the service already complies, whether the
telecommunications carrier will comply with an identified industry
standard or develop an ad hoc solution, the steps the
telecommunications carrier is undertaking to achieve CALEA compliance,
any problems with manufacturer support or network installation, and the
date compliance is anticipated. Completed Forms XXX will not be made
available to the public. We will, however, share completed Forms XXX
with DOJ/FBI so that they may evaluate the progress each provider of a
service that uses packet technology is making to achieve CALEA
compliance. Where necessary, we may request additional information from
a provider regarding its efforts to become CALEA compliant by the May
14, 2007 deadline.
57. We find that the above procedure will promote expeditious CALEA
compliance by providers of services that use packet technologies, but
whose services are not yet CALEA compliant. We recognize that this
procedure will impose an increased administrative burden on such
providers, but anticipate that this burden will be minimal. To minimize
the burden, we have developed a relatively short reporting form.
5. Disposition of Pending Section 107(c)(1) Petitions
58. We conclude that section 107(c) extension relief is not
available for applications that include equipment, facilities and
services installed or deployed on or after October 25, 1998.
Accordingly, once OMB approves the new paperwork collection
requirements of this Second R&O, we will issue a public notice setting
forth a deadline by which any telecommunications carrier that has a
section 107(c) petition on file with us shall file a letter that
attests that its pending petition exclusively concerns equipment,
facilities and services installed or deployed before October 25, 1998.
The Commission will thereafter dismiss all non-conforming petitions and
petitions for which clarifying letters have not been received.
C. Enforcement of CALEA
59. In the NPRM, we considered whether, in addition to the
enforcement remedies through the courts available to LEAs under section
108 of CALEA, we may take separate enforcement action against
telecommunications carriers, manufacturers and providers of
telecommunications support services that fail to comply with CALEA. We
stated that we appear to have broad authority under section 229(a) of
the Communications Act to promulgate and enforce CALEA rules against
both common carriers and non-common carriers, and sought comment on
this analysis. We also sought comment on whether sections 108 and/or
201 of CALEA impose any limitations on the nature of the remedy that we
may impose (e.g. injunctive relief) and whether section 106 of CALEA
imposes any limitations on our enforcement authority over manufacturers
and support service providers.
60. Additionally, we sought comment in the NPRM on how we would
enforce the assistance capability requirements under section 103 of
CALEA. To facilitate enforcement, we tentatively concluded that, at a
minimum, we should adopt the requirements of section 103 as Commission
rules. We asked whether, given this tentative conclusion, the lack of
Commission-established technical requirements or standards under CALEA
section 107(b) for a particular technology would affect our authority
to enforce section 103. Further, we asked whether there are other
provisions of CALEA, such as section 107(a)'s safe harbor provisions,
that the Commission should adopt as rules in order to effectively
enforce the statute. Moreover, we stated in the NPRM that we believed
it to be in the public interest for covered carriers to become CALEA
compliant as expeditiously as possible and recognized the importance of
effective enforcement of our rules affecting such compliance. We sought
comment on whether our general enforcement procedures are sufficient
for purposes of CALEA enforcement or whether we should implement some
special procedures for purposes of CALEA enforcement. We also sought
comment on any other measures we should take into consideration in
deciding how best to enforce CALEA requirements.
61. Discussion. DOJ strongly supports the Commission enforcing the
CALEA rules under section 229(a) of the Communications Act. DOJ
contends that the telecommunications industry has in many instances
failed to cooperate with LEAs and has delayed establishing
[[Page 38101]]
CALEA standards and implementing new wiretapping technologies. However,
industry commenters contend that CALEA enforcement authority lies
exclusively with the courts under CALEA section 108.
62. We find that we have the authority under section 229(a) to
enforce CALEA, as that section gives us authority to ``prescribe such
rules as are necessary to implement the requirements of the
Communications Assistance for Law Enforcement Act.'' As we observed in
the NPRM, section 229(a) provides broad authority for the Commission to
adopt rules to implement CALEA and, unlike section 229(b) does not
limit our rulemaking authority to common carriers. While the
``penalties'' provision of section 229(d) refers to CALEA violations
``by the carrier,'' section 229(d) does not limit the Commission's
general enforcement authority under the Communications Act. We thus
conclude that the Commission has general authority under the
Communications Act to promulgate and enforce CALEA rules against
carriers as well as non-common carriers. We also conclude that section
106 of CALEA does not limit our authority to promulgate and enforce
CALEA rules against manufacturers and support service providers.
Accordingly, we find that, contrary to commenters who argued that
authority to enforce CALEA lies exclusively with the courts under CALEA
section 108, we have the authority to prescribe CALEA rules and
investigate the compliance of those carriers and providers subject to
such rules. Additionally, under the Communications Act, the Commission
has broad authority to enforce its rules. It can, for example, issue
monetary forfeitures and cease and desist orders against common
carriers and non-common carriers alike for violations of Commission
rules.
63. We also conclude that sections 108 and 201 of CALEA do not
limit the nature of the remedy that the Commission may impose. Whereas
court actions under sections 108 and 201 would typically follow a
failed attempt by a carrier to comply with an electronic surveillance
order, the Commission may pursue enforcement actions against any
carrier for failure to ensure that its equipment, facilities or
services are capable of providing the assistance capability
requirements prior to receiving an electronic surveillance request.
Thus, the Commission's enforcement authority is complementary to, not
duplicative of, the authority granted LEAs under sections 108 and 201.
64. We observe that the Commission's rules already include various
CALEA requirements that we may enforce, including system security and
records management requirements for all carriers subject to CALEA and
assistance capability requirements for wireline, cellular and PCS
carriers. Our existing rules for wireline, cellular and PCS carriers
already state that these carriers are to comply with the assistance
capability requirements in section 103; however, we have not previously
codified this requirement for other carriers subject to CALEA. We thus
adopt our tentative conclusion to codify this statutory requirement and
thereby clarify that all carriers subject to CALEA are to comply, at a
minimum, with the assistance capability requirements of section 103.
This action will facilitate the Commission's enforcement of CALEA. We
recognize that, in the absence of Commission action to specify more
precise requirements in response to a section 107 (b) deficiency
petition, as we did previously regarding J-STD-025, our rule sets forth
a minimum requirement that carriers, manufacturers and support service
providers may satisfy in various ways (e.g., implementing an industry
standard, ad hoc or interim solution). Nonetheless, this does not
diminish our resolve to consider carefully a bona fide complaint that a
carrier, manufacturers or support service provider has not provided the
necessary assistance capabilities and to take appropriate enforcement
action.
D. Cost Recovery Issues
65. In the NPRM, the Commission sought comment on a number of
issues related to the recovery of CALEA compliance costs, including the
nature of such costs and from which parties the costs could be
recovered. The Commission also inquired into CALEA cost recovery
pursuant to intercept statutes. The Commission further sought comment
on whether specific cost recovery rules should be adopted to help
ensure that small and rural carriers can become CALEA-compliant. Acting
pursuant to section 229(e)(3) of the Communications Act, the Commission
also referred to the Federal-State Joint Board on Jurisdictional
Separations (Joint Board) the following question: whether CALEA
compliance costs should be separated between intrastate and interstate
jurisdictions, and, if so, how the associated costs and revenues should
be allocated. Because of the importance of the issues, the Commission
asked the Joint Board to issue recommendations within a year of the
release of the NPRM, by August 9, 2005. The Joint Board, however, has
not yet issued its recommendation.
66. In the NPRM, the Commission tentatively concluded that carriers
bear responsibility for CALEA development and implementation costs for
post-January 1, 1995 equipment and facilities. We affirm this tentative
conclusion. Cost recovery from the federal government under CALEA
section 109 turns on whether equipment and facilities were deployed
before or after January 1, 1995. CALEA section 109 placed financial
responsibility on the federal government for CALEA implementation costs
related to equipment deployed on or before January 1, 1995. If the
federal government refused to pay for such modifications, a carrier's
pre-1995 deployed equipment and facilities are considered CALEA
compliant until such equipment or facility ``is replaced or
significantly upgraded or otherwise undergoes major modification'' for
purposes of normal business operations. On the other hand, for CALEA
implementation costs associated with equipment deployed after January
1, 1995, CALEA section 109 places financial responsibility on the
telecommunications carriers unless the Commission determines compliance
is not ``reasonably achievable.'' Only in that event may the Attorney
General agree to pay carriers the ``additional reasonable costs of
making compliance * * * reasonably achievable.'' Based on CALEA's clear
delineation of responsibility for compliance costs, we conclude that
carriers bear responsibility for CALEA development and implementation
costs for post-January 1, 1995 equipment and facilities, absent a
finding that compliance is not reasonably achievable pursuant to CALEA
section 109(b).
67. In the NPRM, the Commission acknowledged its prior statement
regarding the ability of carriers to recover a portion of their CALEA
capital costs through electronic surveillance order charges imposed on
LEAs, and that this statement was made without the benefit of a
complete and full record on the issue. The Commission made this
observation as one of several aspects that mitigated the cost burden on
carriers of implementing four CALEA punch list items. However, because
we now conclude that CALEA section 109 provides the exclusive mechanism
by which carriers may recover from law enforcement capital costs
associated with meeting the capability requirements of CALEA section
103, the Commission's prior statement was incorrect to the extent it
suggested that carriers may recover CALEA capital
[[Page 38102]]
costs through intercept charges. As discussed, CALEA specifically
addresses the allocation of responsibility for compliance costs. CALEA
section 109 makes the federal government responsible for compliance
costs for the period on or before January 1, 1995, and places the
responsibility for compliance costs after January 1, 1995 on carriers,
absent a finding that compliance is not reasonably achievable pursuant
to CALEA section 109(b). Allowing carriers to recover CALEA compliance
costs from the government through other means, such as through
intercept charges, would be inconsistent with the cost recovery
methodology set forth in CALEA section 109 because it would disrupt the
cost burden balance between law enforcement and carriers carefully
crafted by Congress in enacting CALEA. In short, as DOJ notes, it
``would essentially allow carriers to do an `end-run' around the
provisions of section 109(b) and Congressional intent.'' We therefore
conclude that, while carriers possess the authority to recover through
intercept charges the costs associated with carrying out an intercept
that is accomplished using a CALEA-based intercept solution, they are
prohibited by CALEA from recovering through intercept charges the costs
of making modifications to equipment, facilities, or services pursuant
to the assistance capability requirements of CALEA section 103 and the
costs of developing, installing, and deploying CALEA-based intercept
solutions that comply with the assistance capability requirements of
CALEA section 103.
68. To the extent carriers do not meet the necessary criteria for
obtaining cost recovery pursuant to section 109(b) of CALEA, carriers
may absorb the costs of CALEA compliance as a necessary cost of doing
business, or, where appropriate, recover some portion of their CALEA
section 103 implementation costs from their subscribers. The specific
provision allowing carriers to recover some portion of their CALEA
capital costs from their subscribers also reinforces our conclusion
that carriers may not recover such costs from law enforcement through
intercept charges. To the extent that carriers are not able to recover
their CALEA capital costs from the federal government through section
109, Congress provided only one other avenue for carriers to recover
such costs, and that is from subscribers, not law enforcement. Such
recovery from consumers, of course, will vary among telecommunications
carriers subject to CALEA depending on certain factors. Rate-regulated
carriers (e.g., incumbent local exchange carriers) cannot raise rates
without first obtaining authorization to do so. Other carriers (e.g.,
Commercial Mobile Radio Services (CMRS) providers) can recover their
costs from subscribers on a competitive market basis. Given this
backdrop, in the NPRM, we invited comment on whether a national
surcharge scheme is feasible for carriers in their efforts to meet
CALEA requirements. We also sought comment on whether the Commission
would need to undertake a specific forbearance analysis under section
10 of the Communications Act, and whether states may expressly provide
for or preclude the recovery of CALEA compliance costs.
69. We decline to adopt a national surcharge to recover CALEA
costs. We find that it would not serve the public interest to use a
national surcharge scheme or to implement some form of cost pooling
system, as some commenters suggest, because such a scheme would
increase the administrative burden placed upon the carriers and provide
little incentive for carriers to minimize their costs. We therefore
decline to mandate a surcharge or other specific method of CALEA cost
recovery. We find that carriers that are not subject to rate regulation
may choose to recover their CALEA-related costs from their subscribers
through any lawful manner consistent with their obligations under the
Communications Act. Section 229(e) of the Communications Act allows
rate-regulated common carriers to seek to recover their federally-
allocated CALEA section 103 costs from subscribers. As noted, the Joint
Board has not yet provided its recommendation as to the allocation of
CALEA costs between the federal and state jurisdictions. After the
Joint Board issues its recommendation, and to the extent that CALEA
costs ultimately are allocated to the federal jurisdiction, rate-
regulated carriers subject to the Commission's price cap rules have the
ability to seek exogenous treatment of the federally-allocated CALEA
costs. Carriers subject to the Commission's rate-of-return rules have
the ability to propose rate changes that would seek recovery of any
federally-allocated CALEA costs not already recovered in rates.
70. Commenters to the NPRM also argue that carriers with smaller
subscriber bases are less able to bear the costs of CALEA
implementation. To the extent CALEA costs prohibit these carriers from
reasonably achieving CALEA compliance, CALEA section 109(b) provides a
remedy. The carriers can seek a determination from the Commission that
CALEA compliance is not reasonably achievable, and, upon such a
determination, the Attorney General may agree to pay the costs of
compliance for these carriers, or the carriers will be deemed to be in
compliance.
E. System Security Requirements
71. In the First R&O, we concluded that providers of facilities-
based broadband Internet access service and interconnected VoIP service
newly identified as subject to CALEA under the Substantial Replacement
Provision are to comply with the assistance capability requirements in
section 103 of CALEA within 18 months of the effective date of the
First R&O. In the Second R&O, we determine that these newly identified
carriers must comply with the system security requirements in section
105 of CALEA and section 229(b) of the Communications Act, as codified
in the Commission's rules, within 90 days of the effective date of this
Second R&O.
72. We find that, based on the record, 90 days is a reasonable time
period to expect providers of facilities-based broadband Internet
access service and interconnected VoIP service to comply with sections
105 and 229(b) system security requirements, as codified in the
Commission's rules. Thus, we require these carriers to file with the
Commission within 90 days of the effective date of this Second R&O the
policies and procedures they use to comply with the system security
requirements as codified in our rules. Ninety days is the same amount
of time provided by the Commission when it initially adopted these
requirements. Timely compliance with these requirements will assist
LEAs and the Commission in identifying those entities now subject to
CALEA, provide important contact information for Commission follow-up
on CALEA compliance, and, more importantly for LEAs, ensure that
providers of facilities-based broadband Internet access service and
interconnected VoIP service are adequately prepared for assisting LEAs
in conducting lawful electronic surveillance.
F. Future Services and Technologies
73. In the NPRM, the Commission tentatively concluded that it is
unnecessary to adopt Law Enforcement's proposal regarding the
Commission identifying future services and entities subject to CALEA.
We recognized Law Enforcement's need for more certainty regarding the
applicability of CALEA to new services and technologies, but expressed
[[Page 38103]]
concerned that Law Enforcement's proposed approach could be
inconsistent with CALEA's statutory intent and could create an obstacle
to innovation. We noted that the requirements of the statute and its
legislative history seem to support opponents' arguments that Congress
did not intend that manufacturers or service providers would be
required to obtain advance clearance from the government before
deploying a technology or service that is not subject to CALEA. We also
expressed concern that, as a practical matter, providers will be
reluctant to develop and deploy innovative services and technologies if
they must build in CALEA capabilities to equipment that ultimately may
not be subject to CALEA or wait for a ruling on the statute's
application to the new service or technology.
74. Discussion. In its comments to the NPRM, DOJ argues that the
Commission should adopt procedures to determine whether future services
and entities are subject to CALEA. DOJ contends that it would be
helpful for industry and LEAs to be able to seek rulings from the
Commission regarding CALEA's applicability to a new service in advance
of that service's introduction into the marketplace. DOJ concludes that
the Commission should require or strongly encourage all providers of
interstate wire or electronic communications services that have any
question about whether they are subject to CALEA to seek Commission
guidance at the earliest possible date, well before deployment of the
service in question.
75. Other commenters support the tentative conclusion set forth in
the NPRM, contending that the public interest in innovation is not
served by government design mandates imposed upon manufacturers and
telecommunications carriers. Verizon states that, while it supports the
availability of an optional expedited declaratory ruling procedure for
carriers that are unsure of their CALEA obligations, DOJ's proposed
procedures and related requirements would effectively force carriers to
obtain pre-authorization of new services and would contradict
Congress's intent expressed in CALEA's legislative history, which makes
clear that CALEA should be implemented in a way that does not impede
the introduction of new technologies, features, and services.
76. We agree with Verizon and other commenters that it would be
inconsistent with the legislative history of CALEA and inappropriate as
a matter of policy for the Commission to identify future services and
entities that may be subject to CALEA. While we are sympathetic to
DOJ's goal of establishing greater certainty regarding the
applicability of CALEA to new services and technologies, we find that
implementing DOJ's proposal would have a chilling effect on innovation.
We believe that we can best determine the future services and entities
that are subject to CALEA on a case-by-case basis. However, we concur
with Verizon that an optional expedited declaratory ruling procedure
for entities that are unsure of their CALEA obligations with regard to
new services would be useful. Accordingly, telecommunications carriers
and manufacturers, as well as LEAs, may petition the Commission for a
declaratory ruling as to CALEA obligations with regard to new
equipment, facilities and services.
G. Consolidation of CALEA Rules
77. We are taking this opportunity to consolidate our CALEA rules
into part 1. Currently, those rules are contained in three different
Parts of the Commission's rules: part 22, titled ``Public Mobile
Services;'' part 24, titled ``Personal Communications Services;'' and
part 64, titled ``Miscellaneous Rules Related to Common Carriers.''
CALEA rules for parts 22 and 24 are each contained in a subpart J,
titled ``Required New Capabilities Pursuant to the Communications
Assistance for Law Enforcement Act (CALEA).'' Each respective subpart
sets forth the CALEA capabilities that must be provided by cellular and
Personal Communications Services (PCS) telecommunications carriers.
CALEA rules for part 64 are contained both in subpart V, titled
``Telecommunication Carrier System Security and Integrity Pursuant to
the Communications Assistance for Law Enforcement Act (CALEA);'' and in
subpart W, titled ``Required New Capabilities Pursuant to the
Communications Assistance for Law Enforcement Act (CALEA).'' subpart V
of part 64 sets forth the CALEA systems security and integrity rules
for all telecommunications carriers, while subpart W of part 64 sets
forth the CALEA capabilities that must be provided by wireline
telecommunications carriers.
78. Our current CALEA rules structure is somewhat confusing because
capability requirements are contained in three different parts, while
systems security and integrity requirements are contained in only one
part. Further, the capability requirements for cellular, PCS, and
wireline telecommunications carriers specified in different parts are
identical, with the only differences in language being the specific
references to the three different types of carriers. Moreover, as
discussed, we are herein codifying the statutory requirement that all
carriers subject to CALEA must comply with the assistance capability
requirements of section 103. While we could codify this requirement in
part 64, that part pertains to ``telecommunications carriers'' under
the Communications Act, rather than the broader application of that
term under CALEA. We therefore find it more logical to codify this
requirement and consolidate our existing CALEA rules in part 1, which
is titled ``Practice and Procedure,'' and contains rules that apply
more broadly to various services within the Commission's jurisdiction.
Accordingly, we are establishing new subpart Z of part 1, titling it
``Communications Assistance for Law Enforcement Act,'' and are deleting
part 22, subpart J; part 24, subpart J; part 64, subpart V; and part
64, subpart W. Part 1, subpart Z specifies that all carriers subject to
CALEA must comply with both the assistance capability requirements of
CALEA section 103 and the systems security and integrity requirements
of CALEA section 105, and also lists the specific capability
requirements pertaining to cellular, PCS, and wireline carriers that
are currently set forth in parts 22, 24, and 64. These rule changes are
specified in the rules section.
H. Miscellaneous
79. We recognize that certain questions raised by the outstanding
Further Notice of Proposed Rulemaking in this docket remain unresolved.
We intend to address these matters expeditiously in a future order. In
addition, we recognize that parties may also seek clarification of our
rules and regulations. Our rules and precedent provide us with
authority to issue such clarifications, amendments, suspensions, or
waivers both in response to petitions or on our own motion.
Final Regulatory Flexibility Analysis
80. As required by the Regulatory Flexibility Act of 1980, as
amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was
incorporated in the NPRM in this proceeding. The Commission sought
written public comment on the proposals in the NPRM, including comment
on the IRFA. The comments received are discussed below, except to the
extent that they were previously addressed in the Final Regulatory
Flexibility Analysis (FRFA) attached to the First R&O in this
proceeding. The current FRFA, which conforms to the RFA, pertains only
to the Second R&O in this proceeding. The
[[Page 38104]]
companion MO&O does not adopt rules, but rather, inter alia, denies a
petition to change a Commission rule.
A. Need for, and Objectives of, the Rules
81. Advances in technology, most notably the introduction of
digital transmission and processing techniques, and the proliferation
of Internet services such as broadband access and VoIP, have challenged
the ability of LEAs to conduct lawful electronic surveillance. In light
of these difficulties and other outstanding issues associated with the
implementation of the CALEA, DOJ, FBI, and DEA filed a joint petition
for expedited rulemaking in March 2004, asking the Commission to
address and resolve these issues. The First R&O concluded that CALEA
applies to facilities-based broadband Internet access providers and
providers of interconnected VoIP service, and established a compliance
deadline of May 14, 2007 for these providers.
82. In the Second R&O, we require that facilities-based broadband
Internet access providers and providers of interconnected VoIP submit
monitoring reports to ensure their CALEA compliance by the May 14, 2007
deadline established by the First R&O. More generally, we require that
telecommunications carriers comply with CALEA by finding that sections
107(c) and 109(b) of CALEA provide only limited and temporary relief
from compliance requirements, and by finding that extension of the
compliance deadline for capabilities required by CALEA section 103 is
available only for facilities and services deployed prior to October
25, 1998 under the express terms of the statute. We also conclude that,
in addition to the enforcement remedies through the courts available to
LEAs under CALEA section 108, we may take separate enforcement action
under section 229(a) of the Communications Act against carriers that
fail to comply with CALEA. Moreover, we conclude that carriers must
generally pay for CALEA development and implementation costs incurred
after January 1, 1995 (unless their costs are reimbursed in response to
a CALEA section 109(b) petition), but we acknowledge that they may
recover costs from other sources, such as from their subscribers.
B. Summary of Significant Issues Raised by Public Comments in Response
to the IRFA
83. In this section, we respond to commenters who filed directly in
response to the IRFA. To the extent we received comments raising
general small business concerns during this proceeding, those comments
are discussed throughout the Second R&O.
84. The National Telecommunications Cooperative Association (NTCA)
and the Office of Advocacy, U.S. Small Business Administration
(Advocacy) filed comments directly in response to the IRFA. NTCA and
Advocacy both generally contend that the RFA requires that the
Commission consider less burdensome alternatives appropriate to the
size of the covered entities. These comments were partially addressed
in our previous First R&O in this proceeding; therefore, in this FRFA,
we respond only to those arguments that are relevant to the Second R&O.
In particular, we respond to NTCA's argument that we failed to include
the availability of CALEA section 107(c) extension petitions as part of
the IRFA and to Advocacy's arguments that the IRFA did not discuss all
the alternatives available to small entities, including petitions for
extensions under CALEA sections 107(c) and 109(b) and use of TTPs.
85. We reject NTCA's and Advocacy's arguments that the Commission
failed to adequately consider these issues. While we recognize that we
did not specifically list them in the IRFA, the IRFA combined with the
NPRM appropriately identified the ways in which the Commission could
lessen the regulatory burdens on small businesses in compliance with
our RFA obligations. First, we generally discussed in the NPRM the
possibility of an exemption from CALEA compliance for small businesses
that provide wireless broadband Internet access to rural areas. Second,
with regard to CALEA sections 107(c) and 109(b) compliance extension
petitions, we devoted an entire section of the NPRM, spanning 24
paragraphs, to these issues. Although we proposed to restrict the
availability of compliance extensions under section 107(c) and noted
that there is a significant burden on section 109(b) petitioners, we
thoroughly considered the potential impact of those proposals on small
businesses, but concluded that it would be inconsistent with the CALEA
statute to make exceptions for small businesses with respect to section
107(c) and section 109(b) petitions. Third, with respect to TTPs, we
devoted a subsection of the NPRM, spanning eight paragraphs, to that
issue. We noted therein that there may be some tension between relying
on a TTP model and ``safe harbor'' standards, but that TTPs had the
potential to simplify or ease the burden on carriers and manufacturers
in providing packet content and call-identifying information to LEAs.
Further, we noted that external TTP systems ``might provide economies
of scale for small carriers.'' Therefore, we believe that a revised
IRFA is not necessary on any of these issues.
C. Description and Estimate of the Number of Small Entities To Which
Rules Will Apply
86. The RFA directs agencies to provide a description of and, where
feasible, an estimate of the number of small entities that may be
affected by the proposed rules. The RFA generally defines the term
``small entity'' as having the same meaning as the terms ``small
business,'' ``small organization,'' and ``small governmental
jurisdiction.'' In addition, the term ``small business'' has the same
meaning as the term ``small business concern'' under the Small Business
Act. A small business concern is one which: (1) Is independently owned
and operated; (2) is not dominant in its field of operation; and (3)
satisfies any additional criteria established by the Small Business
Administration (SBA).
1. Telecommunications Service Entities
a. Wireline Carriers and Service Providers
87. Small Incumbent Local Exchange Carriers (LECs). We have
included small incumbent LECs present RFA analysis. As noted above, a
``small business'' under the RFA is one that, inter alia, meets the
pertinent small business size standard (e.g., a telephone
communications business having 1,500 or fewer employees), and ``is not
dominant in its field of operation.'' Advocacy contends that, for RFA
purposes, small incumbent LECs are not dominant in their field of
operation because any such dominance is not ``national'' in scope. We
have therefore included small incumbent LECs in this RFA analysis,
although we emphasize that this RFA action has no effect on Commission
analyses and determinations in other, non-RFA contexts.
88. Incumbent Local Exchange Carriers. Neither the Commission nor
the SBA has developed a small business size standard specifically for
incumbent local exchange services. The appropriate size standard under
SBA rules is for the category Wired Telecommunications Carriers. Under
that size standard, such a business is small if it has 1,500 or fewer
employees. According to Commission data, 1,303 carriers have reported
that they are engaged in the provision of incumbent local exchange
services. Of these 1,303 carriers, an estimated 1,020 have 1,500 or
fewer
[[Page 38105]]
employees and 283 have more than 1,500 employees. Consequently, the
Commission estimates that most providers of incumbent local exchange
service are small businesses that may be affected by our action. In
addition, limited preliminary census data for 2002 indicate that the
total number of wired communications carriers increased approximately
34 percent from 1997 to 2002.
89. Competitive Local Exchange Carriers, Competitive Access
Providers (CAPs), ``Shared-Tenant Service Providers,'' and ``Other
Local Service Providers.'' Neither the Commission nor the SBA has
developed a small business size standard specifically for these service
providers. The appropriate size standard under SBA rules is for the
category Wired Telecommunications Carriers. Under that size standard,
such a business is small if it has 1,500 or fewer employees. According
to Commission data, 769 carriers have reported that they are engaged in
the provision of either competitive access provider services or
competitive local exchange carrier services. Of these 769 carriers, an
estimated 676 have 1,500 or fewer employees and 93 have more than 1,500
employees. In addition, 12 carriers have reported that they are
``Shared-Tenant Service Providers,'' and all 12 are estimated to have
1,500 or fewer employees. In addition, 39 carriers have reported that
they are ``Other Local Service Providers.'' Of the 39, an estimated 38
have 1,500 or fewer employees and one has more than 1,500 employees.
Consequently, the Commission estimates that most providers of
competitive local exchange service, competitive access providers,
``Shared-Tenant Service Providers,'' and ``Other Local Service
Providers'' are small entities that may be affected by our action. In
addition, limited preliminary census data for 2002 indicate that the
total number of wired communications carriers increased approximately
34 percent from 1997 to 2002.
90. Payphone Service Providers (PSPs). Neither the Commission nor
the SBA has developed a small business size standard specifically for
payphone services providers. The appropriate size standard under SBA
rules is for the category Wired Telecommunications Carriers. Under that
size standard, such a business is small if it has 1,500 or fewer
employees. According to Commission data, 654 carriers have reported
that they are engaged in the provision of payphone services. Of these,
an estimated 652 have 1,500 or fewer employees and two have more than
1,500 employees. Consequently, the Commission estimates that the
majority of payphone service providers are small entities that may be
affected by our action. In addition, limited preliminary census data
for 2002 indicate that the total number of wired communications
carriers increased approximately 34 percent from 1997 to 2002.
91. Interexchange Carriers (IXCs). Neither the Commission nor the
SBA has developed a small business size standard specifically for
providers of interexchange services. The appropriate size standard
under SBA rules is for the category Wired Telecommunications Carriers.
Under that size standard, such a business is small if it has 1,500 or
fewer employees. According to Commission data, 316 carriers have
reported that they are engaged in the provision of interexchange
service. Of these, an estimated 292 have 1,500 or fewer employees and
24 have more than 1,500 employees. Consequently, the Commission
estimates that the majority of IXCs are small entities that may be
affected by our action. In addition, limited preliminary census data
for 2002 indicate that the total number of wired communications
carriers increased approximately 34 percent from 1997 to 2002.
92. Operator Service Providers (OSPs). Neither the Commission nor
the SBA has developed a small business size standard specifically for
operator service providers. The appropriate size standard under SBA
rules is for the category Wired Telecommunications Carriers. Under that
size standard, such a business is small if it has 1,500 or fewer
employees. According to Commission data, 23 carriers have reported that
they are engaged in the provision of operator services. Of these, an
estimated 20 have 1,500 or fewer employees and three have more than
1,500 employees. Consequently, the Commission estimates that the
majority of OSPs are small entities that may be affected by our action.
In addition, limited preliminary census data for 2002 indicate that the
total number of wired communications carriers increased approximately
34 percent from 1997 to 2002.
93. Prepaid Calling Card Providers. Neither the Commission nor the
SBA has developed a small business size standard specifically for
prepaid calling card providers. The appropriate size standard under SBA
rules is for the category Telecommunications Resellers. Under that size
standard, such a business is small if it has 1,500 or fewer employees.
According to Commission data, 89 carriers have reported that they are
engaged in the provision of prepaid calling cards. Of these, 88 are
estimated to have 1,500 or fewer employees and one has more than 1,500
employees. Consequently, the Commission estimates that all or the
majority of prepaid calling card providers are small entities that may
be affected by our action.
b. Wireless Telecommunications Service Providers
94. For those services subject to auctions, we note that, as a
general matter, the number of winning bidders that qualify as small
businesses at the close of an auction does not necessarily represent
the number of small businesses currently in service. Also, the
Commission does not generally track subsequent business size unless, in
the context of assignments or transfers, unjust enrichment issues are
implicated.
95. Wireless Service Providers. The SBA has developed a small
business size standard for wireless firms within the two broad economic
census categories of ``Paging'' and ``Cellular and Other Wireless
Telecommunications.'' Under both SBA categories, a wireless business is
small if it has 1,500 or fewer employees. For the census category of
Paging, Census Bureau data for 1997 show that there were 1,320 firms in
this category, total, that operated for the entire year. Of this total,
1,303 firms had employment of 999 or fewer employees, and an additional
17 firms had employment of 1,000 employees or more. Thus, under this
category and associated small business size standard, the majority of
firms can be considered small. For the census category Cellular and
Other Wireless Telecommunications, Census Bureau data for 1997 show
that there were 977 firms in this category, total, that operated for
the entire year. Of this total, 965 firms had employment of 999 or
fewer employees, and an additional 12 firms had employment of 1,000
employees or more. Thus, under this second category and size standard,
the majority of firms can, again, be considered small. In addition,
limited preliminary census data for 2002 indicate that the total number
of paging providers decreased approximately 51 percent from 1997 to
2002. In addition, limited preliminary census data for 2002 indicate
that the total number of cellular and other wireless telecommunications
carriers increased approximately 321 percent from 1997 to 2002.
96. Cellular Licensees. The SBA has developed a small business size
standard for wireless firms within the broad economic census category
``Cellular and Other Wireless
[[Page 38106]]
Telecommunications.'' Under this SBA category, a wireless business is
small if it has 1,500 or fewer employees. For the census category
Cellular and Other Wireless Telecommunications firms, Census Bureau
data for 1997 show that there were 977 firms in this category, total,
that operated for the entire year. Of this total, 965 firms had
employment of 999 or fewer employees, and an additional 12 firms had
employment of 1,000 employees or more. Thus, under this category and
size standard, the great majority of firms can be considered small.
Also, according to Commission data, 437 carriers reported that they
were engaged in the provision of cellular service, Personal
Communications Service (PCS), or Specialized Mobile Radio (SMR)
Telephony services, which are placed together in the data. We have
estimated that 260 of these are small, under the SBA small business
size standard.
97. Common Carrier Paging. The SBA has developed a small business
size standard for wireless firms within the broad economic census
category, ``Cellular and Other Wireless Telecommunications.'' Under
this SBA category, a wireless business is small if it has 1,500 or
fewer employees. For the census category of Paging, Census Bureau data
for 1997 show that there were 1,320 firms in this category, total, that
operated for the entire year. Of this total, 1,303 firms had employment
of 999 or fewer employees, and an additional 17 firms had employment of
1,000 employees or more. Thus, under this category and associated small
business size standard, the majority of firms can be considered small.
98. In the Paging Third Report and Order, we developed a small
business size standard for ``small businesses'' and ``very small
businesses'' for purposes of determining their eligibility for special
provisions such as bidding credits and installment payments. A ``small
business'' is an entity that, together with its affiliates and
controlling principals, has average gross revenues not exceeding $15
million for the preceding three years. Additionally, a ``very small
business'' is an entity that, together with its affiliates and
controlling principals, has average gross revenues that are not more
than $3 million for the preceding three years. The SBA has approved
these small business size standards. An auction of Metropolitan
Economic Area licenses closed on March 2, 2000. Of the 985 licenses
auctioned, 440 were sold. Fifty-seven companies claiming small business
status won. Also, according to Commission data, 375 carriers reported
that they were engaged in the provision of paging and messaging
services. Of those, we estimate that 370 are small, under the SBA-
approved small business size standard.
99. Wireless Communications Services. This service can be used for
fixed, mobile, radiolocation, and digital audio broadcasting satellite
uses. The Commission established small business size standards for the
wireless communications services (WCS) auction. A ``small business'' is
an entity with average gross revenues of $40 million for each of the
three preceding years, and a ``very small business'' is an entity with
average gross revenues of $15 million for each of the three preceding
years. The SBA has approved these small business size standards. The
Commission auctioned geographic area licenses in the WCS service. In
the auction, there were seven winning bidders that qualified as ``very
small business'' entities, and one that qualified as a ``small
business'' entity.
100. Wireless Telephony. Wireless telephony includes cellular,
personal communications services (PCS), and specialized mobile radio
(SMR) telephony carriers. As noted earlier, the SBA has developed a
small business size standard for ``Cellular and Other Wireless
Telecommunications'' services. Under that SBA small business size
standard, a business is small if it has 1,500 or fewer employees.
According to Commission data, 437 carriers reported that they were
engaged in the provision of wireless telephony. We have estimated that
260 of these are small under the SBA small business size standard.
101. Broadband Personal Communications Service. The broadband
Personal Communications Service (PCS) spectrum is divided into six
frequency blocks designated A through F, and the Commission has held
auctions for each block. The Commission defined ``small entity'' for
Blocks C and F as an entity that has average gross revenues of $40
million or less in the three previous calendar years. For Block F, an
additional classification for ``very small business'' was added and is
defined as an entity that, together with its affiliates, has average
gross revenues of not more than $15 million for the preceding three
calendar years.'' These standards defining ``small entity'' in the
context of broadband PCS auctions have been approved by the SBA. No
small businesses, within the SBA-approved small business size standards
bid successfully for licenses in Blocks A and B. There were 90 winning
bidders that qualified as small entities in the Block C auctions. A
total of 93 small and very small business bidders won approximately 40
percent of the 1,479 licenses for Blocks D, E, and F. On March 23,
1999, the Commission re-auctioned 347 C, D, E, and F Block licenses.
There were 48 small business winning bidders. On January 26, 2001, the
Commission completed the auction of 422 C and F Broadband PCS licenses
in Auction No. 35. Of the 35 winning bidders in this auction, 29
qualified as ``small'' or ``very small'' businesses. Subsequent events,
concerning Auction 35, including judicial and agency determinations,
resulted in a total of 163 C and F Block licenses being available for
grant.
c. Satellite Telecommunications Service Providers
102. Satellite telecommunications service providers include
satellite operators and earth station operators. The Commission has not
developed a definition of small entities applicable to such operators.
Therefore, the applicable definition of small entity is generally the
definition under the SBA rules applicable to Satellite
Telecommunications. This definition provides that a small entity is
expressed as one with $13.5 million or less in annual receipts. 1997
Census Bureau data indicate that, for 1997, 273 satellite communication
firms had annual receipts of under $10 million. In addition, 24 firms
had receipts for that year of $10 million to $24,999,990.
2. Cable and OVS Operators
103. Cable and Other Program Distribution. The Census Bureau
defines this category as follows: ``This industry comprises
establishments primarily engaged as third-party distribution systems
for broadcast programming. The establishments of this industry deliver
visual, aural, or textual programming received from cable networks,
local television stations, or radio networks to consumers via cable or
direct-to-home satellite systems on a subscription or fee basis. These
establishments do not generally originate programming material.'' The
SBA has developed a small business size standard for Cable and Other
Program Distribution, which is: all such firms having $13.5 million or
less in annual receipts. According to Census Bureau data for 2002,
there were a total of 1,191 firms in this category that operated for
the entire year. Of this total, 1,087 firms had annual receipts of
under $10 million, and 43 firms had receipts of $10 million or more but
less than $25 million. Thus, under this size standard, the majority of
firms can be considered small.
104. Cable Companies and Systems. The Commission has also developed
its
[[Page 38107]]
own small business size standards, for the purpose of cable rate
regulation. Under the Commission's rules, a ``small cable company'' is
one serving 400,000 or fewer subscribers, nationwide. Industry data
indicate that, of 1,076 cable operators nationwide, all but eleven are
small under this size standard. In addition, under the Commission's
rules, a ``small system'' is a cable system serving 15,000 or fewer
subscribers. Industry data indicate that, of 7,208 systems nationwide,
6,139 systems have under 10,000 subscribers, and an additional 379
systems have 10,000-19,999 subscribers. Thus, under this second size
standard, most cable systems are small.
105. Cable System Operators. The Communications Act of 1934, as
amended, also contains a size standard for small cable system
operators, which is ``a cable operator that, directly or through an
affiliate, serves in the aggregate fewer than 1 percent of all
subscribers in the United States and is not affiliated with any entity
or entities whose gross annual revenues in the aggregate exceed
$250,000,000.'' The Commission has determined that an operator serving
fewer than 677,000 subscribers shall be deemed a small operator, if its
annual revenues, when combined with the total annual revenues of all
its affiliates, do not exceed $250 million in the aggregate. Industry
data indicate that, of 1,076 cable operators nationwide, all but ten
are small under this size standard. We note that the Commission neither
requests nor collects information on whether cable system operators are
affiliated with entities whose gross annual revenues exceed $250
million, and therefore we are unable to estimate more accurately the
number of cable system operators that would qualify as small under the
size standard contained in the Communications Act of 1934.
106. Open Video Services. Open Video Service (OVS) systems provide
subscription services. The SBA has created a small business size
standard for Cable and Other Program Distribution. This standard
provides that a small entity is one with $12.5 million or less in
annual receipts. The Commission has certified a large number of OVS
operators, and some of these are currently providing service.
Affiliates of Residential Communications Network, Inc. (RCN) received
approval to operate OVS systems in New York City, Boston, Washington,
D.C., and other areas. RCN has sufficient revenues to assure that it
does not qualify as a small business entity. Little financial
information is available for the other entities that are authorized to
provide OVS. Given this fact, the Commission concludes that those
entities might qualify as small businesses, and therefore may be
affected by the rules and policies adopted herein.
3. Internet and Other Information Service Providers
107. Internet Service Providers. The SBA has developed a small
business size standard for Internet Service Providers (ISPs). ISPs
``provide clients access to the Internet and generally provide related
services such as web hosting, web page designing, and hardware or
software consulting related to Internet connectivity.'' Under the SBA
size standard, such a business is small if it has average annual
receipts of $23 million or less. According to Census Bureau data for
2002, there were 2,529 firms in this category that operated for the
entire year. Of these, 2,437 firms had annual receipts of under $10
million, and 47 firms had receipts of $10 million or more but less then
$25 million. Consequently, we estimate that the majority of these firms
are small entities that may be affected by our action.
108. All Other Information Services. ``This industry comprises
establishments primarily engaged in providing other information
services (except new syndicates and libraries and archives).'' Our
action pertains to VoIP services, which could be provided by entities
that provide other services such as e-mail, online gaming, web
browsing, video conferencing, instant messaging, and other, similar IP-
enabled services. The SBA has developed a small business size standard
for this category; that size standard is $6.5 million or less in
average annual receipts. According to Census Bureau data for 1997,
there were 195 firms in this category that operated for the entire
year. Of these, 172 had annual receipts of under $5 million, and an
additional nine firms had receipts of between $5 million and
$9,999,999. Consequently, we estimate that the majority of these firms
are small entities that may be affected by our action.
D. Description of Projected Reporting, Recordkeeping and Other
Compliance Requirements
109. The Second R&O requires that facilities-based broadband
Internet access providers and providers of interconnected VoIP submit
monitoring reports to the Commission to ensure their CALEA compliance
by the May 14, 2007 deadline established by the First R&O. The Second
R&O also requires that, within 90 days of its effective date,
facilities-based broadband Internet access providers and providers of
interconnected VoIP who were newly-identified in the First R&O as
subject to CALEA submit system security statements to the Commission.
Additionally, the Second R&O requires that each carrier that has a
CALEA section 107(c) petition on file with the Commission submit to us
a letter documenting that the carrier's equipment, facility, or service
qualifies for section 107(c) relief under the October 25, 1998 cutoff
for such relief. The Second R&O contains new information collection
requirements subject to the Paperwork Reduction Act of 1995 (PRA),
Public Law 104-13. They will be submitted to OMB for review under
Section 3507(d) of the PRA. OMB, the general public, and other Federal
agencies are invited to comment on the new or modified information
collection requirements contained in this proceeding.
E. Steps Taken To Minimize Significant Economic Impact on Small
Entities, and Significant Alternatives Considered
110. The RFA requires an agency to describe any significant
alternatives that it has considered in reaching its proposed approach,
which may include (among others) the following four alternatives: (1)
The establishment of differing compliance or reporting requirements or
timetables that take into account the resources available to small
entities; (2) the clarification, consolidation, or simplification of
compliance or reporting requirements under the rule for small entities;
(3) the use of performance, rather than design, standards; and (4) an
exemption from coverage of the rule, or any part thereof, for small
entities.
111. The need for the regulations adopted herein is mandated by
Federal legislation. In the Second R&O, we find that, under the express
terms of the CALEA statute, all carriers subject to CALEA are obliged
to become CALEA-compliant without exception. However, in the
previously-issued Further Notice of Proposed Rulemaking in this
proceeding (a companion document to the First R&O), we are considering
two alternatives: (1) Exempting from CALEA certain classes or
categories of facilities-based broadband Internet access providers--
notably small and rural providers and providers of broadband networks
for educational and research institutions, and (2) requiring something
less than full CALEA compliance for certain classes or categories of
providers, including smaller providers.
112. In the Second R&O, we find that, within 90 days of the
effective date of the Second R&O, facilities-based
[[Page 38108]]
broadband Internet access providers and providers of interconnected
VoIP who were newly-identified in the First R&O as subject to CALEA
must submit system security statements to the Commission. Ensuring that
any interception of a carrier's communications or access to call-
identifying information can be activated only in accordance with a
court order or other lawful authorization and with the affirmative
intervention of an employee of the carrier acting in accordance with
regulations prescribed by the Commission is required by section 105 of
CALEA and section 229(b) of the Communications Act. Further, system
security compliance within 90 days is specified for telecommunications
carriers in section 64.2105 of the Commission's rules. While we
considered the alternative of modifying this 90-day compliance period
for facilities-based broadband Internet access providers and providers
of interconnected VoIP who were newly-identified in the First R&O as
subject to CALEA, we concluded that would result in disparate treatment
of these newly-identified providers.
113. In the Second R&O, we also find that sections 107(c) and
109(b) of CALEA provide only limited and temporary relief from
compliance requirements, and that they are complementary provisions
that serve different purposes, which are, respectively: (1) Extension
of the CALEA section 103 compliance deadline; and, (2) recovery of
CALEA-imposed costs. We considered the alternative of a less stringent
interpretation of these two sections, but concluded that, in designing
them, Congress carefully balanced a reasonable compliance period
against a firm deadline. Accordingly, we conclude that the statutory
language does not permit us to adopt a less stringent interpretation.
However, we note that section 109(b) lists 11 criteria for determining
whether CALEA compliance is ``reasonably achievable'' by a particular
telecommunications carrier, and one of these criteria is ``[t]he
financial resources of the telecommunications carrier.'' Accordingly,
small carriers may petition for relief under this CALEA section, thus
possibly mitigating, in some cases, the economic burden of compliance
with rules adopted herein.
114. In the Second R&O, we also find that, in addition to the
enforcement remedies through the courts available to LEAs under CALEA
section 108, we may take separate enforcement action under section
229(a) of the Communications Act against carriers that fail to comply
with the CALEA statute. We considered an alternative, recommended by
some commenters, that authority to enforce CALEA lies exclusively with
the courts, but we conclude that we have the authority to prescribe
CALEA rules and investigate the compliance of those carriers and
providers subject to such rules. We also conclude that there should be
no disparate treatment of small entities with regard to CALEA
enforcement because this would be inconsistent with the statute.
115. Finally, in the Second R&O, we find that carriers must
generally pay for CALEA development and implementation costs incurred
after January 1, 1995, but we acknowledge that they may recover costs
from other sources, such as from their subscribers. Some commenters
argue that carriers with small subscriber bases are less able to bear
the costs of CALEA implementation; however, to the extent CALEA costs
prohibit these carriers from reasonably achieving CALEA compliance, we
again note that CALEA section 109(b) provides a remedy. The carriers
can seek a determination from the Commission that CALEA compliance is
not reasonably achievable, and, upon such a determination, the Attorney
General may agree to pay the costs of compliance for these carriers, or
the carriers will be deemed to be in compliance. We believe our
approach represents a reasonable accommodation for small carriers.
F. Report to Congress
116. The Commission will send a copy of the Second R&O and MO&O,
including this FRFA, in a report to be sent to Congress and the
Government Accountability Office pursuant to the Congressional Review
Act. In addition, the Commission will send a copy of the Second R&O and
MO&O and FRFA to the Chief Counsel for Advocacy of the SBA.
Ordering Clauses
117. Pursuant to sections 1, 4(i), 7(a), 229, 301, 303, 332, and
410 of the Communications Act of 1934, as amended, and section 102 of
the Communications Assistance for Law Enforcement Act, 18 U.S.C. 1001,
the Second Report and Order and Memorandum Opinion and Order in ET
Docket No. 04-295 is adopted.
118. Parts 1, 22, 24, and 64 of the Commission's rules, 47 CFR
parts 1, 22, 24, and 64, are amended as set forth below. The
requirements of the Second Report and Order shall become effective
August 4, 2006. The Second Report and Order contains information
collection requirements subject to the Paperwork Reduction Act of 1995
(PRA), Public Law 104-13, that are not effective until approved by the
Office of Management and Budget. The Federal Communications Commission
will publish a document in the Federal Register announcing the
effective date of those rules.
119. The ``Petition for Reconsideration and for Clarification of
the CALEA Applicability Order'' filed by the United States Telecom
Association is granted to the extent indicated herein and is denied in
all other respects.
120. The Commission's Consumer and Governmental Affairs Bureau,
Reference Information Center, shall send a copy of the Second Report
and Order and Memorandum Opinion and Order, including the Final
Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of
the Small Business Administration.
List of Subjects
47 CFR Part 1
Communications common carriers, Reporting and recordkeeping
requirements, Telecommunications.
47 CFR Part 22
Communications common carriers.
47 CFR Part 24
Communications common carriers, Personal communications services,
Telecommunications.
47 CFR Part 64
Communications common carriers, Telecommunications, Telephone.
Federal Communications Commission.
Marlene H. Dortch,
Secretary.
Rule Changes
0
For the reasons discussed in the preamble, the Federal Communications
Commission amends 47 CFR parts 1, 22, 24, and 64 as follows:
PART 1--PRACTICE AND PROCEDURE
0
1. The authority citation for part 1 continues to read as follows:
Authority: 15 U.S.C. 79 et seq.; 47 U.S.C. 151, 154(i), 154(j),
155, 157, 225, and 303(r).
0
2. Subpart Z is added to read as follows:
Subpart Z--Communications Assistance for Law Enforcement Act
Sec.
1.20000 Purpose.
[[Page 38109]]
1.20001 Scope.
1.20002 Definitions.
1.20003 Policies and procedures for employee supervision and
control.
1.20004 Maintaining secure and accurate records.
1.20005 Submission of policies and procedures and Commission review.
1.20006 Assistance capability requirements.
1.20007 Additional assistance capability requirements for wireline,
cellular, and PCS telecommunications carriers.
1.20008 Penalties.
Subpart Z--Communications Assistance for Law Enforcement Act
Sec. 1.20000 Purpose.
Pursuant to the Communications Assistance for Law Enforcement Act
(CALEA), Public Law 103-414, 108 Stat. 4279 (1994) (codified as amended
in sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules
that require a telecommunications carrier to:
(a) Ensure that any interception of communications or access to
call-identifying information effected within its switching premises can
be activated only in accordance with appropriate legal authorization,
appropriate carrier authorization, and with the affirmative
intervention of an individual officer or employee of the carrier acting
in accordance with regulations prescribed by the Commission; and
(b) Implement the assistance capability requirements of CALEA
section 103, 47 U.S.C. 1002, to ensure law enforcement access to
authorized wire and electronic communications or call-identifying
information.
Sec. 1.20001 Scope.
The definitions included in 47 CFR 1.20002 shall be used solely for
the purpose of implementing CALEA requirements.
Sec. 1.20002 Definitions.
For purposes of this subpart:
(a) Appropriate legal authorization. The term appropriate legal
authorization means:
(1) A court order signed by a judge or magistrate authorizing or
approving interception of wire or electronic communications; or
(2) Other authorization, pursuant to 18 U.S.C. 2518(7), or any
other relevant federal or state statute.
(b) Appropriate carrier authorization. The term appropriate carrier
authorization means the policies and procedures adopted by
telecommunications carriers to supervise and control officers and
employees authorized to assist law enforcement in conducting any
interception of communications or access to call-identifying
information.
(c) Appropriate authorization. The term appropriate authorization
means both appropriate legal authorization and appropriate carrier
authorization.
(d) LEA. The term LEA means law enforcement agency; e.g., the
Federal Bureau of Investigation or a local police department.
(e) Telecommunications carrier. The term telecommunications carrier
includes:
(1) A person or entity engaged in the transmission or switching of
wire or electronic communications as a common carrier for hire;
(2) A person or entity engaged in providing commercial mobile
service (as defined in sec. 332(d) of the Communications Act of 1934
(47 U.S.C. 332(d))); or
(3) A person or entity that the Commission has found is engaged in
providing wire or electronic communication switching or transmission
service such that the service is a replacement for a substantial
portion of the local telephone exchange service and that it is in the
public interest to deem such a person or entity to be a
telecommunications carrier for purposes of CALEA.
Sec. 1.20003 Policies and procedures for employee supervision and
control.
A telecommunications carrier shall:
(a) Appoint a senior officer or employee responsible for ensuring
that any interception of communications or access to call-identifying
information effected within its switching premises can be activated
only in accordance with a court order or other lawful authorization and
with the affirmative intervention of an individual officer or employee
of the carrier.
(b) Establish policies and procedures to implement paragraph (a) of
this section, to include:
(1) A statement that carrier personnel must receive appropriate
legal authorization and appropriate carrier authorization before
enabling law enforcement officials and carrier personnel to implement
the interception of communications or access to call-identifying
information;
(2) An interpretation of the phrase ``appropriate authorization''
that encompasses the definitions of appropriate legal authorization and
appropriate carrier authorization, as used in paragraph (b)(1) of this
section;
(3) A detailed description of how long it will maintain its records
of each interception of communications or access to call-identifying
information pursuant to Sec. 1.20004;
(4) In a separate appendix to the policies and procedures document:
(i) The name and a description of the job function of the senior
officer or employee appointed pursuant to paragraph (a) of this
section; and
(ii) Information necessary for law enforcement agencies to contact
the senior officer or employee appointed pursuant to paragraph (a) of
this section or other CALEA points of contact on a seven days a week,
24 hours a day basis.
(c) Report to the affected law enforcement agencies, within a
reasonable time upon discovery:
(1) Any act of compromise of a lawful interception of
communications or access to call-identifying information to
unauthorized persons or entities; and
(2) Any act of unlawful electronic surveillance that occurred on
its premises.
Sec. 1.20004 Maintaining secure and accurate records.
(a) A telecommunications carrier shall maintain a secure and
accurate record of each interception of communications or access to
call-identifying information, made with or without appropriate
authorization, in the form of single certification.
(1) This certification must include, at a minimum, the following
information:
(i) The telephone number(s) and/or circuit identification numbers
involved;
(ii) The start date and time that the carrier enables the
interception of communications or access to call identifying
information;
(iii) The identity of the law enforcement officer presenting the
authorization;
(iv) The name of the person signing the appropriate legal
authorization;
(v) The type of interception of communications or access to call-
identifying information (e.g., pen register, trap and trace, Title III,
FISA); and
(vi) The name of the telecommunications carriers' personnel who is
responsible for overseeing the interception of communication or access
to call-identifying information and who is acting in accordance with
the carriers' policies established under Sec. 1.20003.
(2) This certification must be signed by the individual who is
responsible for overseeing the interception of communications or access
to call-identifying information and who is acting in accordance with
the telecommunications carrier's policies established under Sec.
1.20003. This individual will, by his/her signature, certify that the
record is complete and accurate.
(3) This certification must be compiled either contemporaneously
with, or within a reasonable period of
[[Page 38110]]
time after the initiation of the interception of the communications or
access to call-identifying information.
(4) A telecommunications carrier may satisfy the obligations of
paragraph (a) of this section by requiring the individual who is
responsible for overseeing the interception of communication or access
to call-identifying information and who is acting in accordance with
the carriers' policies established under Sec. 1.20003 to sign the
certification and append the appropriate legal authorization and any
extensions that have been granted. This form of certification must at a
minimum include all of the information listed in paragraph (a) of this
section.
(b) A telecommunications carrier shall maintain the secure and
accurate records set forth in paragraph (a) of this section for a
reasonable period of time as determined by the carrier.
(c) It is the telecommunications carrier's responsibility to ensure
its records are complete and accurate.
(d) Violation of this rule is subject to the penalties of Sec.
1.20008.
Sec. 1.20005 Submission of policies and procedures and Commission
review.
(a) Each telecommunications carrier shall file with the Commission
the policies and procedures it uses to comply with the requirements of
this subchapter. These policies and procedures shall be filed with the
Federal Communications Commission within 90 days of the effective date
of these rules, and thereafter, within 90 days of a carrier's merger or
divestiture or a carrier's amendment of its existing policies and
procedures.
(b) The Commission shall review each telecommunications carrier's
policies and procedures to determine whether they comply with the
requirements of Sec. Sec. 1.20003 and 1.20004.
(1) If, upon review, the Commission determines that a
telecommunications carrier's policies and procedures do not comply with
the requirements established under Sec. Sec. 1.20003 and 1.20004, the
telecommunications carrier shall modify its policies and procedures in
accordance with an order released by the Commission.
(2) The Commission shall review and order modification of a
telecommunications carrier's policies and procedures as may be
necessary to insure compliance by telecommunications carriers with the
requirements of the regulations prescribed under Sec. Sec. 1.20003 and
1.20004.
Sec. 1.20006 Assistance capability requirements.
(a) Telecommunications carriers shall provide to a Law Enforcement
Agency the assistance capability requirements of CALEA regarding wire
and electronic communications and call-identifying information, see 47
U.S.C. 1002. A carrier may satisfy these requirements by complying with
publicly available technical requirements or standards adopted by an
industry association or standard-setting organization, such as J-STD-
025 (current version), or by the Commission.
(b) Telecommunications carriers shall consult, as necessary, in a
timely fashion with manufacturers of its telecommunications
transmission and switching equipment and its providers of
telecommunications support services for the purpose of ensuring that
current and planned equipment, facilities, and services comply with the
assistance capability requirements of 47 U.S.C. 1002.
(c) A manufacturer of telecommunications transmission or switching
equipment and a provider of telecommunications support service shall,
on a reasonably timely basis and at a reasonable charge, make available
to the telecommunications carriers using its equipment, facilities, or
services such features or modifications as are necessary to permit such
carriers to comply with the assistance capability requirements of 47
U.S.C. 1002.
Sec. 1.20007 Additional assistance capability requirements for
wireline, cellular, and PCS telecommunications carriers.
(a) Definition--(1) Call-identifying information. Call identifying
information means dialing or signaling information that identifies the
origin, direction, destination, or termination of each communication
generated or received by a subscriber by means of any equipment,
facility, or service of a telecommunications carrier. Call-identifying
information is ``reasonably available'' to a carrier if it is present
at an intercept access point and can be made available without the
carrier being unduly burdened with network modifications.
(2) Collection function. The location where lawfully authorized
intercepted communications and call-identifying information is
collected by a law enforcement agency (LEA).
(3) Content of subject-initiated conference calls. Capability that
permits a LEA to monitor the content of conversations by all parties
connected via a conference call when the facilities under surveillance
maintain a circuit connection to the call.
(4) Destination. A party or place to which a call is being made
(e.g., the called party).
(5) Dialed digit extraction. Capability that permits a LEA to
receive on the call data channel a digits dialed by a subject after a
call is connected to another carrier's service for processing and
routing.
(6) Direction. A party or place to which a call is re-directed or
the party or place from which it came, either incoming or outgoing
(e.g., a redirected-to party or redirected-from party).
(7) IAP. Intercept access point is a point within a carrier's
system where some of the communications or call-identifying information
of an intercept subject's equipment, facilities, and services are
accessed.
(8) In-band and out-of-band signaling. Capability that permits a
LEA to be informed when a network message that provides call
identifying information (e.g., ringing, busy, call waiting signal,
message light) is generated or sent by the IAP switch to a subject
using the facilities under surveillance. Excludes signals generated by
customer premises equipment when no network signal is generated.
(9) J-STD-025. The standard, including the latest version,
developed by the Telecommunications Industry Association (TIA) and the
Alliance for Telecommunications Industry Solutions (ATIS) for wireline,
cellular, and broadband PCS carriers. This standard defines services
and features to support lawfully authorized electronic surveillance,
and specifies interfaces necessary to deliver intercepted
communications and call-identifying information to a LEA. Subsequently,
TIA and ATIS published J-STD-025-A and J-STD-025-B.
(10) Origin. A party initiating a call (e.g., a calling party), or
a place from which a call is initiated.
(11) Party hold, join, drop on conference calls. Capability that
permits a LEA to identify the parties to a conference call conversation
at all times.
(12) Subject-initiated dialing and signaling information.
Capability that permits a LEA to be informed when a subject using the
facilities under surveillance uses services that provide call
identifying information, such as call forwarding, call waiting, call
hold, and three-way calling. Excludes signals generated by customer
premises equipment when no network signal is generated.
(13) Termination. A party or place at the end of a communication
path (e.g. the called or call-receiving party, or the switch of a party
that has placed another party on hold).
(14) Timing information. Capability that permits a LEA to associate
call-
[[Page 38111]]
identifying information with the content of a call. A call-identifying
message must be sent from the carrier's IAP to the LEA's Collection
Function within eight seconds of receipt of that message by the IAP at
least 95% of the time, and with the call event time-stamped to an
accuracy of at least 200 milliseconds.
(b) In addition to the requirements in Sec. 1.20006, wireline,
cellular, and PCS telecommunications carriers shall provide to a LEA
the assistance capability requirements regarding wire and electronic
communications and call identifying information covered by J-STD-025
(current version), and, subject to the definitions in this section, may
satisfy these requirements by complying with J-STD-025 (current
version), or by another means of their own choosing. These carriers
also shall provide to a LEA the following capabilities:
(1) Content of subject-initiated conference calls;
(2) Party hold, join, drop on conference calls;
(3) Subject-initiated dialing and signaling information;
(4) In-band and out-of-band signaling;
(5) Timing information;
(6) Dialed digit extraction, with a toggle feature that can
activate/deactivate this capability.
Sec. 1.20008 Penalties.
In the event of a telecommunications carrier's violation of this
subchapter, the Commission shall enforce the penalties articulated in
47 U.S.C. 503(b) of the Communications Act of 1934 and 47 CFR 1.80.
PART 22--PUBLIC MOBILE SERVICES
0
3. The authority citation for part 22 continues to read as follows:
Authority: 47 U.S.C. 154, 222, 303, 309, and 332.
Subpart J--[Removed]
0
4. Remove subpart J, consisting of Sec. Sec. 22.1100 through 22.1103.
PART 24--PERSONAL COMMUNICATIONS SERVICES
0
5. The authority citation for part 24 continues to read as follows:
Authority: 47 U.S.C. 154, 301, 302, 303, 309, and 332.
Subpart J--[Removed]
0
6. Remove subpart J, consisting of Sec. Sec. 24.900 through 24.903.
PART 64--MISCELLANEOUS RULES RELATING TO COMMON CARRIERS
0
7. The authority citation for part 64 continues to read as follows:
Authority: 47 U.S.C. 154, 254(k); secs. 403(b)(2)(B), (c), Pub.
L. 104-104, 110 Stat. 56. Interpret or apply 47 U.S.C. 201, 218,
222, 225, 226, 228, and 254(k) unless otherwise noted.
Subpart V--[Removed and Reserved]
0
8. Remove and reserve subpart V, consisting of Sec. Sec. 64.2100
through 64.2106.
Subpart W--[Removed and Reserved]
0
9. Remove and reserve subpart W, consisting of Sec. Sec. 64.2200
through 64.2203.
[FR Doc. 06-5954 Filed 7-3-06; 8:45 am]
BILLING CODE 6712-01-P