VoIP and Broadband Internet Access Providers Face Upcoming CALEA Deadlines
Posted by K.C. Halm
In the next several months providers of interconnected Voice over Internet Protocol (VoIP) services and facilities-based broadband Internet access must become compliant with the Communications Assistance for Law Enforcement Act (CALEA). Enacted in 1994, CALEA imposes obligations on traditional wireline and wireless telephony service providers to design their networks to facilitate law enforcement surveillance of voice communications. However, in 2005 the Federal Communications Commission extended that obligation to providers of VoIP and facilities-based broadband Internet access services. Under the new regime, the scope of entities covered by CALEA is broader than in the past – specifically, in addition to VoIP services, providers of broadband Internet access services, including cable modem, DSL, satellite, wireless, fixed wireless, and broadband over powerline services, are now also subject to CALEA. Interestingly, the FCC defined “broadband” services are those with ability to support upstream or downstream speeds exceeding 200 kilobits per second (kbps) in the last mile.
The FCC issued a second decision in May, 2006 which established (among other things) that VoIP and broadband Internet access providers become CALEA-compliant by May 14, 2007. However, prior to that deadline there are several interim compliance deadlines for entities covered by the FCC’s new CALEA rules. First, all affected entities must file interim monitoring reports with the FCC. These reports (which must be made via the filing of FCC Form 445) are intended to provide the FCC and the Department of Justice with information as to which affected entities will, and will not, be in compliance by the May, 2007 deadline. These reports must be filed with the FCC no later than February 12, 2007.
Second, affected entities also must file with the FCC a systems security and integrity (SSI) plan that details the policies and procedures used to ensure compliance with the CALEA regulations promulgated by the FCC. This document must detail the VoIP or broadband Internet provider’s procedures to supervise and control employees responding to law enforcement surveillance requests; and to maintain secure and accurate records of each interception of communications or access to call-identifying information. These SSI plans must be filed no later than March 12, 2007. As noted, ultimate compliance must be achieved by May 14, 2007.
The FCC may take enforcement action under Section 229(a) of the Communications Act against entities that fail to comply with the CALEA obligations. CALEA contemplates that a non-compliant entity could be fined, after a court proceeding, up to $10,000 per day. But the FCC, in its May, 2006 order, concluded that it would be appropriate to convert CALEA violations into FCC rule violations. As a result, the maximum possible fine for violations of these rules could be as much as $130,000 per day with a maximum of $1,325,000 per violation. The potential consequences of non-compliance are therefore significantly greater under the FCC’s new regime than they were in the past.
The FCC’s decision to extend CALEA obligations to VoIP and broadband Internet providers was not without controversy, and several parties challenged the decision to the U.S. Court of Appeals for the D.C. Circuit. However, in an opinion issued in June of 2006 the appeals court affirmed the FCC’s decision to extend the reach of CALEA. The most controversial aspect of the FCC’s decision was its determination that it had the authority to impose CALEA obligations on broadband Internet services despite their classification as “information services” under the Communications Act. To support its conclusion the FCC relied on its finding that the definition of “telecommunications” under CALEA is broader than the definition of the same term under the Communications Act. Also, the FCC reasoned that unlike the Communications Act, CALEA does not mandate that an integrated service offering be considered as solely a “telecommunications service” or an “information service.”
Upon reaching these findings, the FCC concluded that the telecommunications components of information services (specifically switching and transmission functions that serve as a replacement for a substantial portion of the local telephone exchange service) may be “separated out” for regulatory purposes under CALEA. It then determined that only the “switching and transmission” components of modem service, which encompasses activities such as e-mail transmission, are subject to CALEA but not other aspects such as “e-mail storage,” “web-hosting,” “DNS functions,” or any other “ISP functionality.” However, though these findings were controversial, they were, as noted, upheld by the D.C. Circuit.