CALEA Statutory Provisions - FCC

CALEA
Communications Assistance For Law Enforcement Act

David Ward, Senior Attorney
Public Safety and Homeland Security Bureau, Policy Division
March 20, 2008
                 Non-Public Information; For Internal     1
                              Use Only
Part 1- CALEA Demystified

Description, Compliance Requirements, Compliance Relief, and Enforcement

              What Is CALEA?
      Legal and Regulatory Fundamentals
• Communications Assistance for Law Enforcement Act,
   – Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended
     in sections of 18 U.S.C. and 47 U.S.C.).
• The CALEA Preamble:
   – “AN ACT To amend title 18, United States Code, to make clear a
     telecommunications carrier’s duty to cooperate in the interception
     of communications for law enforcement purposes, and for other
     purposes.”
• CALEA is an Enabling Statute
   – Allows entities identified in other statutes to obtain lawful
     electronic surveillance, e.g., Federal (Titles 18 and 50), and State
     statutes.
• Why CALEA?

             What Is CALEA?
     Legal and Regulatory Fundamentals
• CALEA “Newspeak:”
  – Electronic surveillance: generic term for electronic eavesdropping.
  – Interception: generic term for electronic eavesdropping.
  – Wiretap: physical connection to a target’s service, “pliers and
    wires.”
  – Content interception: intercepting the conversation.
  – Two types of wiretaps:
      • Content, or “Title III:” a lawfully-authorized content interception
        obtained by a law enforcement agency (LEA).
      • Call identification information: 47 USC § 1001(2), formerly known as
        “trap, trace and pen register” wiretaps.
  – Call-related records: Available to LEAs via other statutes but not
    covered by CALEA.

              CALEA Compliance
       Legal and Regulatory Fundamentals
•   What Entities must comply with CALEA?
    – Statute: “Telecommunications Carriers,” as they are defined by 47
      USC § 1001(8).
    – Regulations: CALEA Second Report and Order; in general,
      telecommunications carrier = common carrier
        • Included: Common Carriers, Resellers, CMRS, VoIP Service
          Providers, and Broadband Internet Access Providers
        • Not included: PMRS not connected to PSTN as a common carrier,
          Pay Telephone Providers, and Internet Services Providers (ISPs) that
          do not provide VoIP or broadband Internet access services.




              CALEA Compliance
       Legal and Regulatory Fundamentals
• What Entities must comply with CALEA? (cont’d)
   – 47 CFR § 102(8)(B)(ii): [CALEA includes] “a person or entity engaged in
     providing wire or electronic communication switching or transmission
     service to the extent that the Commission finds that such service is a
     replacement for a substantial portion of the local telephone exchange
     service and that it is in the public interest to deem such a person or entity
     to be a telecommunications carrier for purposes of this title; but
   – (c) does not include --
       • (i) persons or entities insofar as they are engaged in providing
          information services; and
       • (ii) any class or category of telecommunications carriers that the
          Commission exempts by rule after consultation with the AG”


             CALEA Compliance
      Legal and Regulatory Fundamentals
• What Entities must comply with CALEA? (cont’d)
   – Second Report and Order:
       • ¶ 29: “We do not believe it necessary at this time to identify by rule
         additional classes of entities within CALEA’s definition of
         telecommunications carrier, pursuant to section 102(8)(B)(ii), or to
         exempt in our rules any classes pursuant to section 102(8)(C)(ii).
         Moreover, we agree with the FBI that codification in our rules of a list
         of examples would run the risk of being considered definitive rather
         than merely illustrative. We therefore have decided not to adopt such
         a list, as we had proposed in the NPRM.”




             CALEA Compliance
      Legal and Regulatory Fundamentals
• “System Security and Integrity” (SSI) requirements:
   – Two statutory provisions: 47 USC §§ 1004 (CALEA section 105),
     and 229 (CALEA section 301).
   – CALEA section 105:
       • Big change over pre-CALEA electronic surveillance
       • “A telecommunications carrier shall ensure that any interception of
         communications or access to call-identifying information effected within
         its switching premises can be activated only in accordance with a
         court order or other lawful authorization and with the affirmative
         intervention of an individual officer or employee of the carrier acting
         in accordance with regulations prescribed by the Commission.”



             CALEA Compliance
      Legal and Regulatory Fundamentals
• SSI requirements: (continued)
   – 47 USC § 229:
       • Requires the Commission to make rules to ensure SSI compliance, so
         that carriers:
           – Require appropriate authorization to activate interception of
             communications or access to call identifying information
           – Prevent unauthorized interception
           – Maintain secure and accurate records of interceptions, with or without
             authorization
           – Submit to Commission SSI policies and procedures
       • Commission must review each carrier’s SSI plans
       • First Report and Order contains SSI filing requirements


             CALEA Compliance
      Legal and Regulatory Fundamentals
• What constitutes capability compliance?
   – Statute: 47 U.S.C. § 1002, CALEA section 103 “Assistance
     Capability Requirements”
       • Prescribes content interception requirements
           – “concurrently to or from the subscriber’s equipment, facility, or service”
           – “or at such later time as may be acceptable to the government”
       • Prescribes call-identifying information requirements
           – “before, during, or immediately after the transmission . . . or at a later time
             as may be acceptable to the government”
           – “in a manner that allows it to be associated with the communications to
             which it pertains”
   – The government determines the information format


             CALEA Compliance
      Legal and Regulatory Fundamentals
• What constitutes capability compliance? (continued)
   – Statutory Limitations:
       • Law enforcement agencies (LEAs) cannot require any specific design
         of equipment, facilities, services, features, or system configurations.
       • Excludes information services and decrypting services
       • Excludes physical location info., except from telephone number
       • Intercept must protect:
            – Subscriber privacy
            – Existence of surveillance
   – Carriers may permit monitoring at carrier premises in emergencies
   – Mobile carriers must provide the means for seamless taps.


             CALEA Compliance
      Legal and Regulatory Fundamentals
• What constitutes capability compliance? (continued)
   – “Safe Harbor” provided by standards:
       • Statute: 47 USC § 1006: technical requirements and standards; extension of
         compliance date
       • Compliance with an established CALEA standard will protect a carrier from
         an enforcement action.
       • 47 USC § 1006(a): Industry standards organizations must consult with FBI,
         who must consult with state, local, and other federal LEAs, to guide the
         standards development process.
       • 47 USC § 1006(a)(3): Absence of standards no safe harbor.
       • 47 USC § 1006(b): LEAs may petition the FCC for a standards ruling.
       • 47 USC § 1006(c) (section 107(c)): Individual carriers may petition the FCC
         for an extension of up to two years, if compliance “is not reasonably
         achievable through application of technology.”

             CALEA Compliance
      Legal and Regulatory Fundamentals
• What constitutes capability compliance? (continued)
   – CALEA Third Report and Order
       • Adopted TIA J-STD-025 as the CALEA standard
       • Ordered that TIA include an additional six capabilities, from the nine
         “punch list” capabilities demanded by the FBI.
   – FCC role in the CALEA standards process -
       • TIA J-STD-025 (“J” Standard)
       • Safe harbor for carriers that use switching equipment built to comply
         with J standard
       • Third Report and Order,




             CALEA Compliance
      Legal and Regulatory Fundamentals
• What constitutes capability compliance? (continued)
   – 47 USC § 1006(c), CALEA section 107(c): “Not reasonably
     achievable” due to “availability of technology”
   – 47 USC § 1008(b), CALEA section 109(b): “Not reasonably
     achievable,” due to 11 statutory reasons.




             CALEA Compliance
      Legal and Regulatory Fundamentals
• How much intercept capacity must a carrier provide?
   – 47 USC § 1003, CALEA section 104 “capacity requirements”
   – The statute requires the Attorney General, who delegated CALEA
     responsibility to the FBI, to develop “actual” and “maximum”
     CALEA capacity requirements.
       • Carriers must expand to the actual within three years of enactment.
       • Carriers must expand to the maximum within four years of
         enactment.




            CALEA Compliance
     Legal and Regulatory Fundamentals
• Who pays?
  – Statutory schema:
      • Capability requirements - carriers without “significant upgrades or
        major modifications” before 1/1/95, will have CALEA capabilities
        paid by the FBI. If the FBI refuses to pay, the carrier is deemed
        compliant by operation of statute (47 USC § 1008(d)).
      • Costs for CALEA capability compliance for equipment and software
        purchases after 1/1/95, that constitute “major modification and
        significant upgrade” must be borne by carriers.
      • Bottom line: CALEA has been around for 14 years, so all new
        network equipment for sale is CALEA-compliant and has been for
        quite some time.
      • Second CALEA R&O: Capital costs for CALEA compliance accrue
        to the carrier.

            CALEA Compliance
     Legal and Regulatory Fundamentals
• By when?
  – The original deadline was four years from the date of CALEA’s
    enactment, or October 25, 1998.
  – The FCC extended the original compliance date until June 30,
    2000, on CALEA section 107(c) grounds; not reasonably
    achievable due to the unavailability of compliant technology.
  – FCC ordered an additional extension to 9/30/2000 for the six
    punch list items approved by the Third Report and Order, and for
    packet mode communications.
  – Additional extensions were ordered to allow time for carriers and
    manufacturers to field compliance solutions for VoIP and
    Broadband Internet Access services providers. The deadline for all
    compliance was 14 May 07.

             CALEA Enforcement
      Legal and Regulatory Fundamentals
• Who enforces?
   – 47 USC § 229 requirements: FCC
      • Full panoply of Title V enforcement mechanisms.
      • Civil damages under 47 USC § 206 - What if the entity is not a
        common carrier?
   – All other CALEA:
      • FBI, pursuant to 47 USC § 1007, and 18 USC § 2522.
      • FCC, for violations of Commission Rules




Part II- How Does CALEA Work?

Circuit Switched, Voice over Internet Protocol (VoIP), Broadband Access,
and Industry-Specific Solutions

          How Does CALEA Work?
    The Concept of Mechanized Wiretapping
• Telecommunications Carrier CALEA Services
    – Call Data Channel (CDC) for Call Identifying Information
    – Call Content Channel (CCC) for Content Information
•   No More “Pliers and Wires”
•   Cooperation Among all Interested Parties
    – Telecommunications Carriers- purchase and use only CALEA-
      compliant service providing equipment
    – Telecommunications Equipment Manufacturers- design and build
      into all telecommunications equipment CALEA compliance
    – Law Enforcement Agencies (LEAs)


          How Does CALEA Work?
    Lawful intercept functions & ownership
[Diagram: lawful intercept functions grouped by owner]
• Law enforcement agency
    – Law Enforcement Administrative Function (LEAF)
    – Collection Function (CF)
• Voice service provider or Trusted third party
    – Service Provider Administrative Function (SPAF)
    – Delivery Function (DF)
• Network service provider
    – Intercept Access Function or Point (AF/IAP)
• Other labels in the diagram: Legal Order (between the LEAF and the SPAF),
  Target subscriber

          How Does CALEA Work?
    Service provider lawful intercept functions in detail
• Service Provider Administration Function (SPAF)
   – ADMF: Administration Function
   – Provisions Target’s ID in AF
• Intercept Access Function/Point (AF/IAP)
   – Intercepts Target’s communication unobtrusively
   – Mirrors & forwards call content (media) to DF
   – Collects & forwards call data (signaling related information) to DF
• Delivery Function (DF)
   – Collects & delivers call content & data from AF to Law Enforcement CF
   – Prevents unauthorized access, manipulation and disclosure of call
     content & data
[Diagram: the functions diagram from the previous slide, with owners labelled
LEA (LEAF, CF), VSP/TTP (SPAF, DF) and NSP (AF/IAP); Legal Order; Target
subscriber]

       How Does CALEA Work?- Lawful intercept interfaces

• “a” interface: SPAF-AF- provisioning
    – Target number
    – INI-1, X1
• “d” interface: AF-DF – call identifying information
    – Signaling related information
    – Call data events - Call Data Connection (CDC), INI-2
    – Encapsulated SIP - Intercept Related Information (IRI) X2
• “d” interface: AF-DF - call content
    – Media
    – Call Content Connection (CCC), INI-3, X3
• e interfaces: handover to/from LEA
    – HI-1: LEAF-ADMF- legal order provisioning
    – CDC, HI-2: DF-CF – call data
    – CCC, HI-3: DF-CF – call content
[Diagram: the functions diagram (LEAF, CF, SPAF, DF, AF/IAP, Legal Order,
Target subscriber) with interfaces labelled a, b, c, d and e]

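
The SPAF provisions the target's ID in the AF over the “a” interface, which is where the SSI rules from Part 1 apply: activation only under a court order or other lawful authorization, with the affirmative intervention of a carrier employee, and with secure and accurate records kept of interceptions with or without authorization. The following Python model of such a provisioning gate is an added example, not part of the presentation or of any CALEA standard; the class names, record fields, order validity window and hash-chained log are all assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone

GENESIS = "0" * 64  # digest that the first record chains from


@dataclass(frozen=True)
class LegalOrder:
    """Hypothetical stand-in for a court order or other lawful authorization."""
    order_id: str
    target_id: str
    kind: str             # "content" or "call-identifying"
    not_before: datetime  # validity window is an assumption of this example
    not_after: datetime


class InterceptLog:
    """Append-only records; each entry's digest covers the previous digest."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, event):
        body = json.dumps(event, sort_keys=True)
        return hashlib.sha256((prev + body).encode("utf-8")).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        self.entries.append({"event": event, "prev": prev,
                             "digest": self._digest(prev, event)})

    def verify(self):
        """False if a record was altered, reordered or dropped mid-chain.
        Truncating the tail is not detected without an external anchor."""
        prev = GENESIS
        for entry in self.entries:
            expected = self._digest(prev, entry["event"])
            if entry["prev"] != prev or entry["digest"] != expected:
                return False
            prev = entry["digest"]
        return True


class ProvisioningGate:
    """SPAF-side check applied before a target ID is provisioned in the AF."""

    def __init__(self, designated_staff, log):
        self.designated_staff = set(designated_staff)
        self.log = log
        self.active = {}  # target_id -> order_id currently provisioned

    def activate(self, order, employee_id, now):
        if order is None:
            outcome = "denied: no lawful authorization"
        elif employee_id not in self.designated_staff:
            outcome = "denied: no affirmative intervention by designated employee"
        elif not (order.not_before <= now <= order.not_after):
            outcome = "denied: outside authorized period"
        else:
            outcome = "granted"
            self.active[order.target_id] = order.order_id
        # Record every attempt, with or without authorization.
        self.log.append({
            "time": now.isoformat(),
            "employee": employee_id,
            "order": order.order_id if order else None,
            "target": order.target_id if order else None,
            "kind": order.kind if order else None,
            "outcome": outcome,
        })
        return outcome == "granted"


def demo():
    """Constructed sample data: one valid activation and two refused attempts."""
    log = InterceptLog()
    gate = ProvisioningGate({"emp-ssi-01"}, log)
    now = datetime(2008, 3, 20, 12, 0, tzinfo=timezone.utc)
    order = LegalOrder("ORDER-EXAMPLE-1", "+1-555-0100", "call-identifying",
                       datetime(2008, 3, 1, tzinfo=timezone.utc),
                       datetime(2008, 3, 31, tzinfo=timezone.utc))
    results = [gate.activate(order, "emp-ssi-01", now),
               gate.activate(order, "emp-unlisted", now),
               gate.activate(None, "emp-ssi-01", now)]
    intact = log.verify()
    log.entries[1]["event"]["outcome"] = "granted"  # simulate record tampering
    return results, intact, log.verify()


if __name__ == "__main__":
    print(demo())
```
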
Voice and video over IP – how it works
• Signaling messages
    – SIP in UDP, TCP or SCTP
    – INVITE + SDP (media options)
    – OK + SDP (media selection)
• Voice media flows
    – RTP in UDP
    – RTCP in UDP
• Video media flows

   Types of interactive communications - voice, video, and
                     messaging - over IP

• One tier (centralized) services
   – Vonage, AT&T Callvantage, Primus Lingo, Pulver FWD
   – Registration (authentication & authorization), presence
     & routing centralized
• Two-tier service
   – Skype
   – Registration – centralized
   – Presence & routing distributed to subscriber endpoints –
     “supernode” with public IP address
• Peer-to-peer
   – Users with global IP addresses
   – No VoIP provider/ITSP
   – Set up session peer-peer
[Side labels: “ITSP/VoIP provider responsible for intercept” (beside the
two-tier service bullets); “Broadband ISP responsible for intercept” (beside
the peer-to-peer bullets)]

Intercept requires right level of intelligence and active participation
[Diagram: Softswitch, Router, Media gateway, Media server and SBC shown
against Signaling messages, Voice media flows and Video media flows]
[Diagram: four panels titled Media gateway + softswitch, Session border
controller, Router + softswitch, and Media server + softswitch; labels in the
panels: LEA, PSTN, AN1, AN2, A, B; legend: Signaling, Media]

        Solution: Internet Telephony Service Provider
•   Regulatory compliance – lawful intercept & emergency service (E911)
•   Security – SBC DoS protection, access control,
    topology hiding & privacy, VPN separation,
    service infrastructure DoS prevention,
    fraud prevention
•   Service reach – adaptive NAT traversal; SIP, SIP-H.323 IWF;
    OLIP/VPN bridging; interworking:
    transport & encryption protocols
•   SLA assurance – admission control: session agent
    load, bandwidth; peer-peer media release;
    app/media server load balancing; QoS reporting
•   Revenue & profit protection – routing, accounting
[Diagram labels: Data Center, Database(s), Accounting, SIP, Internet,
Managed net, SIP/H.323, PSTN; legend: Signaling, Media]

      Solution: Facilities-based HIP IC services – business & residential
• Regulatory compliance – lawful intercept & emergency service
• Security – SBC DoS protection, access control,
  topology hiding & privacy, VPN separation,
  service infrastructure DoS prevention,
  fraud prevention
• Service reach – SIP, MGCP/NCS, H.248, SIP-H.323 PBX IWF; adaptive
  NAT traversal; OLIP/VPN bridging; interworking: transport &
  encryption protocols; surrogate registration IP PBX & IAD endpoints
• SLA assurance – admission control: session agent load, bandwidth,
  policy server, QoS metrics; peer-peer media release;
  QoS marking/mapping; QoS reporting
• Revenue & profit protection – bandwidth policing,
  QoS theft protection, accounting, session timers
[Diagram labels: SIP, H.248, MGCP, H.323, DSL, Cable, MPLS VPN, Frame/LL;
legend: Signaling, Media]

                Solution: Universities

• Regulatory compliance – lawful intercept
• Security – access control (FW),
  topology hiding (NAPT), privacy,
  VPN separation, IP PBX/endpoint
  DoS prevention, SBC DoS protection
• SLA assurance – admission control:
  IP PBX/SIP server constraints, bandwidth; QoS marking/VLAN
  mapping – voice vs. video;
  QoS reporting, bandwidth policing, accounting
• Service reach - VPN/OLIP bridging, SIP-H.323 interworking,
  adaptive NAT traversal
[Diagram labels: University network; H.323 or SIP PBX; SIP endpoints/server;
SIP; SRTP pass-thru; SIP/TLS; Internet; SOHO; Managed SIP services; IP access
to PSTN, hosted services, IP extranet, other IP subscribers]

       Part III

  What’s Next?




      Pending CALEA Activity
• Records Management
   – Mechanized System to Support the FBI with Accurate
     and Complete SSI Plan 7X24 Contact Information
• FBI/DOJ/DEA CDMA 2000 Standards Deficiency
  Petition
   – Draft NPRM
• Adjudicate Section 107(b) and 109(b) Relief
  Petitions
