REMINDER: VoIP and Broadband Internet Access Providers Face Approaching Compliance Deadlines Under CALEA
In several decisions the FCC has expanded obligations under the Communications Assistance for Law Enforcement Act (CALEA) beyond traditional telephone companies, to include interconnected VoIP providers and facilities-based broadband Internet access providers. These decisions call on these two classes of entities to be in compliance with the statute’s assistance capability requirements by May 14, 2007.
Broadly speaking this means that by the deadline, providers must have network facilities capable of “expeditiously isolating and enabling the government, … to intercept, … all wireline and electronic communications carried by the carrier…” and “to access call-identifying information that is reasonably available to the carrier…” in response to appropriate subpoenas or court orders. Affected carriers can comply by one of several methods, including the use of industry-developed “safe harbor” standards, and through the use of vendors known as “trusted third parties.” Carriers may also comply using existing network and technological solutions that provide the government access to the call content and call identifying information described above.
In advance of the May 14, 2007 deadline, there are several other important deadlines:
First, by February 12, 2007, all affected entities must file “Monitoring Reports” with the FCC and the FBI, using the FCC’s Form 445. These reports are intended to identify entities that will, and will not, be in compliance with CALEA by the May 14, 2007 deadline, including a designation of which of several possible compliance options will be used, and a description of anticipated compliance shortfalls. We recommend that affected entities carefully consider how to present their particular circumstances, in light of law enforcement’s key concerns, given that there may not yet be any applicable “safe harbor” standards, and that hardware and software might not be commercially available to meet any “safe harbors” that have been established.
Second, by March 12, 2007, all affected entities must file with the FCC a systems security and integrity (SSI) plan that details the policies and procedures used to ensure compliance with Section 105 of CALEA and associated FCC regulations. Generally speaking, the SSI plan lays out internal operating procedures to ensure proper supervision and control of employees responding to law enforcement surveillance requests; and to maintain secure and accurate records of each interception of communications or access to call-identifying information.
Davis Wright Tremaine counsels facilities-based broadband Internet access providers and interconnected VoIP service providers on CALEA compliance and other issues. If you would like additional information or assistance with CALEA compliance matters, please contact us.