06-5954. Communications Assistance for Law Enforcement Act and Broadband Access and Services  

  • Start Preamble

    AGENCY:

    Federal Communications Commission.

    ACTION:

    Final rule.

    SUMMARY:

    This document addresses the assistance capabilities required, pursuant to section 103 of the Communications Assistance for Law Enforcement Act (CALEA) for facilities-based broadband Internet access providers and providers of interconnected Voice over Internet Protocol (VoIP). More generally, the Second Report and Order and Memorandum Opinion and Order (Second R&O and MO&O) specifies mechanisms to ensure that telecommunications carriers comply with CALEA. The MO&O denies in part and grants in part a petition for reconsideration and clarification filed by the United States Telecom Association (USTelecom) relating to the compliance date for broadband Internet access providers and providers of interconnected VoIP.

    DATES:

    Effective August 4, 2006, except for §§ 1.20004 and 1.20005, which contain information collection requirements that have not been approved by the Office of Management and Budget. The Federal Communications Commission will publish a document in the Federal Register announcing the effective date of these sections.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Rodney Small, Office of Engineering and Technology, (202) 418-2452, e-mail: Rodney.Small@fcc.gov.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    This is a summary of the Commission's Second Report and Order and Memorandum Opinion and Order, ET Docket No. 04-295, FCC 06-56, adopted May 3, 2006, and released May 12, 2006. The full text of this document is available for inspection and copying during normal business hours in the FCC Reference Center (Room CY-A257), 445 12th Street, SW., Washington, DC 20554. The full text of this document also may be purchased from the Commission's copy contractor, Best Copy and Printing, Inc., Portals II, 445 12th Street, SW., Room CY-B402, Washington, DC 20554, telephone (202) 488-5300; fax (202) 488-5563; e-mail at FCC@BCPIWEB.COM.

    Summary of the Second Report and Order and Memorandum Opinion and Order

    Overview

    1. Telecommunications industry standard-setting bodies, working in concert with law enforcement agencies (LEAs) and other interested parties, are developing technical requirements and solutions for facilities-based broadband Internet access providers and providers of interconnected VoIP. We conclude that, absent the filing of a deficiency petition under CALEA section 107(b), it would be premature for the FCC to intervene in the standards development process. Additionally, we permit all carriers providing facilities-based broadband Internet access and interconnected VoIP services until May 14, 2007 to come into compliance with CALEA. Further, we require that all carriers providing facilities-based broadband Internet access and interconnected VoIP service to submit interim reports to the Commission to ensure that they will be CALEA-compliant by May 14, 2007. We also require that all facilities-based broadband Internet access and interconnected VoIP providers to whom CALEA obligations were extended in the First Report and Order (First R&O) in this proceeding come into compliance with the system security requirements in our rules within 90 days of the effective date of this Second R&O.

    2. More generally, we specify mechanisms to ensure that telecommunications carriers comply with CALEA. Specifically, under the express terms of the statute, all carriers subject to CALEA are obliged to become CALEA-compliant. We find that sections 107(c) and 109(b) of CALEA provide only limited and temporary relief from compliance requirements, and that they are complementary provisions that serve different purposes, which are, respectively: (1) Extension of the CALEA section 103 compliance deadline for equipment, facility, or service deployed before October 25, 1998; and (2) recovery of CALEA-imposed costs. We also conclude that, in addition to the enforcement remedies through the courts available to LEAs under CALEA section 108, we may take separate enforcement action against carriers that fail to comply with CALEA. Moreover, we conclude that carriers are generally responsible for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities.

    Background

    3. In March 2004, the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), and the Drug Enforcement Administration (DEA) (collectively, Law Enforcement) filed with the Commission a petition for expedited rulemaking, requesting that we initiate a proceeding to resolve various outstanding issues associated with the implementation of CALEA. We responded in August 2004 by issuing a Notice of Proposed Rulemaking (NPRM) (69 FR 56976, September 23, 2004) and Declaratory Ruling in this proceeding. The NPRM examined issues relating to the scope of CALEA's applicability to packet-mode services, such as broadband Internet access, and implementation and enforcement issues.

    4. In September 2005, the First R&O (70 FR 59664, October 13, 2005) concluded that CALEA applies to facilities-based broadband Internet access providers and providers of interconnected VoIP service, and the concurrent Further Notice of Proposed Rulemaking (70 FR 59704, October 13, 2005) sought comment on whether CALEA obligations should be extended to providers of other types of VoIP services and on whether something less than full CALEA compliance should be required of certain classes or categories of facilities-based broadband Internet access providers. The First R&O stated: “In the coming months, we will release another order that will address separate questions regarding the assistance capabilities required of the providers covered by today's Order pursuant to section 103 of CALEA. This subsequent order will include other important issues under CALEA, such as compliance extensions and exemptions, cost recovery, identification of future services and entities subject to CALEA, and enforcement.” The Second R&O addresses these questions and issues and specifies what telecommunications providers must do to facilitate electronic surveillance of their equipment, facilities, and services by LEAs, pursuant to court orders or other lawful authorization.

    5. In this Second R&O, we first examine the obligations of facilities-based broadband Internet access and interconnected VoIP providers to Start Printed Page 38092implement CALEA compliance solutions under section 103 of the statute, including solutions based on either CALEA “safe harbor” standards or the use of trusted third parties (TTPs). We next examine the scope of relief available to telecommunications carriers pursuant to CALEA sections 107(c) and 109(b), issue new guidelines to govern the filing and evaluation of petitions associated with those rule sections, and dispose of pending section 107(c) petitions. Third, we address CALEA enforcement issues, both generally and with specific regard to facilities-based broadband Internet access and interconnected VoIP providers, including the filing of reports by these providers to ensure their timely compliance with the assistance capability requirements of CALEA section 103. Fourth, we examine CALEA cost issues and specify cost recovery mechanisms for wireline, wireless, and other telecommunications carriers. Fifth, we specify a date for facilities-based broadband Internet access and interconnected VoIP providers to comply with CALEA system security requirements. Finally, we address the CALEA compliance obligations of providers of future telecommunications services and technologies.

    A. Requirements and Solutions

    6. In this proceeding, we have explored the complexity of the technical issues regarding packet technologies to ensure that broadband Internet access and VoIP providers can comply with CALEA and not compromise the ability of LEAs to receive the information to which they are entitled under the statute. Specifically, as discussed in detail, we probed the capabilities of broadband Internet access and VoIP providers to extract CII and provide it to LEAs under CALEA, and inquired about compliance solutions for these providers based upon either CALEA “safe harbor” standards or the use of TTPs. The record demonstrates that Law Enforcement and industry have made progress toward the goal of achieving successful implementation of CALEA with regard to the deployment of packet technologies by broadband Internet access and VoIP providers, but this is an ongoing process. Although section 107(b) of CALEA allows the Commission, upon petition, to establish rules, technical requirements or standards necessary for implementing section 103 if any entity believes that industry-created requirements or standards are deficient, CALEA clearly provides that LEAs and industry work together in the first instance to formulate CALEA compliance standards. Accordingly, we will continue to monitor developments in this area as Law Enforcement and industry continue working together, primarily through various standards organizations, to develop long-term solutions to these complex technical issues. We also determine that all carriers providing facilities-based broadband Internet access and interconnected VoIP services must be in compliance with section 103 of CALEA by May 14, 2007.

    1. CALEA Obligations Under Section 103

    7. Background. Section 103(a)(1) of CALEA requires telecommunications carriers to establish the capability of providing to LEAs call content information, pursuant to a court order or other lawful authorization; and section 103(a)(2) of CALEA requires telecommunications carriers to establish the capability of providing to LEAs reasonably available CII, pursuant to a court order or other lawful authorization. In the Second R&O, we discuss a carrier's obligations under section 103 and compliance solutions as they relate to broadband Internet access and interconnected VoIP services.

    8. CALEA defines CII as “dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier,” but CALEA does not define “origin,” “direction,” “destination,” or “termination.” The Commission has adopted definitions of the component terms (origin, direction, destination, and termination) in the statutory definition of CII in addressing petitions regarding standards for circuit switched networks in J-STD-025. However, as noted above, packet technologies are substantially different from the circuit switched technologies that were the primary focus of the Commission's earlier decisions on CALEA. Accordingly, in the NPRM, we sought comment on whether the Commission should clarify the statutory term “call-identifying information” for broadband Internet access and VoIP services. We asked commenters to provide specific suggestions for these definitional issues.

    9. We also invited comment as to how the Commission should apply the term “reasonably available” to broadband Internet access. We observed that the Commission has previously determined that information may not be “reasonably” available in circuit switched networks if the information is accessible only by significantly modifying a network, and further observed that cost concerns are best addressed as part of a section 107(c) analysis. We tentatively concluded that we should apply the same “reasonably” available criteria to broadband Internet access and VoIP providers; i.e., information may not be reasonably available to those providers if it is accessible only by significantly modifying their networks. However, we recognized that, when looking at those providers' service architectures, it is not always readily apparent where CII is available. Accordingly we sought comment on these related issues, such as instances in which CII may be reasonably available from either a broadband Internet access provider or a VoIP provider, but not from both. We stated that, if the information is reasonably available from both, we would expect that both would have a CALEA obligation with respect to that information and would work cooperatively with each other and with the LEA to provide the LEA with all required information.

    10. Discussion. A number of parties commented generally on the Commission's authority to intervene in the development of CALEA technical standards. Cingular notes that the U.S. Court of Appeals for the District of Columbia Circuit (D.C. Circuit) stated: “* * * Congress gave the telecommunications industry the first crack at developing standards, authorizing the Commission to alter those standards only if it found them ‘deficient.’ ” Cingular and many other parties conclude that the Commission must defer to the efforts of industry standards bodies to formulate standards, absent the filing of a petition under section 107(b) with the Commission.

    11. With regard to the availability of CII in broadband access and VoIP networks, commenters generally agree that different information is available to different service providers, and that different parts of that information are “reasonably available” to different service providers. However, several parties identify situations in which, they contend, a broadband Internet access provider would not reasonably be able to extract CII used by non-affiliated VoIP providers. With regard to the Commission's tentative conclusion that CII may be reasonably available to a broadband access or VoIP provider as long as that provider's network does not have to be significantly modified, some parties argue that this standard is inappropriate for Internet applications. DOJ expresses particular concern about the Commission using cost considerations to decide what is Start Printed Page 38093“reasonably available” because, DOJ asserts, the Commission could mistakenly excuse an entire class of carriers from delivering a capability, even though only one or two carriers qualify for such relief based on non-technical considerations. However, industry commenters strongly disagree with DOJ regarding the exclusion of cost considerations from a “reasonably available” inquiry.

    12. We note the D.C. Circuit's opinion referenced by Cingular, as well as the comments of both DOJ and the telecommunications industry that express concern about Commission intervention in the continuing work by Law Enforcement and industry to develop CALEA technical standards for broadband Internet access and VoIP services. Addressing analogous circumstances, the Court explained that such intervention “would weaken the major role Congress obviously expected industry to play in formulating CALEA standards.” In the course of developing standards for CALEA compliance by broadband Internet access and VoIP providers, we expect that industry standard-setting bodies, working in concert with Law Enforcement and other interested parties, will develop an appropriate definition of “call-identifying information” in the context of broadband Internet access and VoIP networks as well as an appropriate definition of what constitutes either “reasonable availability” of CII in such networks or a “significant modification” of such networks. If this process proves unsatisfactory, any interested party may submit to the Commission a deficiency petition under CALEA section 107(b). We thus take no action on these issues at this time.

    13. The First R&O in this proceeding established a CALEA compliance date of May 14, 2007 for newly covered entities and providers of newly covered services. USTelecom asked that this date be extended until 18 months from the effective date of this Second R&O, and also asked the Commission to identify specifically all broadband Internet access services subject to the compliance date. To eliminate any possible confusion, we conclude that the public interest will be best served by applying the May 14, 2007 compliance date to all facilities-based broadband Internet access and interconnected VoIP services. We agree with USTelecom that applying the compliance date uniformly to these services is consistent with the policy objectives identified in the First R&O. We find that applying the same compliance dates to all providers of facilities-based broadband Internet access and interconnected VoIP services will avoid any skewing effect on competition and will prevent migration of criminal activity onto networks with delayed compliance dates.

    14. One firm date establishes a clear goal for all carriers, equipment manufacturers, and law enforcement that must cooperate in the process of identifying, implementing and deploying solutions. One firm date also should encourage all interested parties to move quickly to develop solutions which, in turn, will benefit smaller carriers who face greater challenges in complying with CALEA in the absence of standards and the availability of compliant equipment in the marketplace. Thus, we reject suggestions for different compliance deadlines for VoIP and broadband Internet access services, or linking compliance deadlines to certain events or criteria, such as the development of standards, a Commission decision that a service provider is subject to CALEA, or carrier size.

    15. We also find that May 14, 2007 is a reasonable time period for compliance with the section 103 requirements. We note, at the outset, that VoIP standards for CALEA are nearing or are at completion for various technologies. Thus, manufacturers and carriers are in a good position to implement and deploy solutions for VoIP by that date, even though we recognize that VoIP providers who plan a nationwide deployment will need to incorporate a CALEA solution into numerous routers or servers or negotiate arrangements with numerous interconnecting carriers. We similarly conclude that providers of broadband Internet access services should be able to comply with section 103 by May 14, 2007. Although standards for newer broadband Internet access technologies are yet to be developed, especially regarding the delivery of CII, we note that full content surveillance has already been addressed by standards groups for certain older technologies and some carriers may be able to rely on “passive” techniques (e.g., using probes at certain points throughout their network) to implement surveillance. Other factors should facilitate carrier compliance by that date. For example, some solutions will be software based, and thus carriers will not necessarily have the burden of deploying new equipment to come into compliance. Further, facilities-based broadband Internet access and VoIP services interconnect with the public Internet and public switched telephone network (PSTN), respectively. Thus, broadband access architectures and protocols are compatible with standards used for the Internet and VoIP architectures and protocols are compatible with standards used for the PSTN, providing a foundation upon which CALEA solutions for broadband access and VoIP services can be developed.

    2. Compliance Solutions Based on CALEA “Safe Harbor” Standards

    16. Background. In the NPRM, the Commission invited comment on a variety of industry standards for packet-mode technologies to determine whether any of these standards are deficient and thus preclude carriers, manufacturers, and others from relying on them as “safe harbors” in complying with section 103 of CALEA. We noted that, over the past several years, various organizations have been developing standards for various types of packet technologies that support a variety of applications used in both wireline and wireless networks. We stated that these standards could serve, pursuant to section 107(a) of CALEA, as safe harbors for section 103 compliance by telecommunications carriers. Section 107(a) is titled “Safe Harbor” and subsection 107(a)(2) provides: “A telecommunications carrier shall be found to be in compliance with the assistance capability requirements under section 103, and a manufacturer of telecommunications transmission or switching equipment or a provider of telecommunications support services shall be found to be in compliance with section 106, if the carrier, manufacturer, or support service provider is in compliance with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, or by the Commission under subsection (b), to meet the requirements of section 103.” We noted that the standards process is ongoing in several different venues, with some standards already having undergone modification and new ones under development, and that compliance with a safe harbor standard is not required by CALEA.

    17. In the NPRM, we also noted Law Enforcement's assessment that packet-mode standards that have been published are deficient. We stated our belief that underlying this assessment are Law Enforcement's assumptions that the definition of CII can be clearly applied to packet networks, that information so identified is “reasonably available” to the carrier, and that the provision of the information to LEAs by the carrier is “reasonably achievable.” We further noted that the Telecommunication Industry Association disagrees with Law Enforcement's assessment. We asked Start Printed Page 38094parties to comment on industry standards for packet-mode technologies in an attempt to determine whether any of these standards are deficient and thus preclude carriers, manufacturers, and others from relying on them as safe harbors in complying with section 103. We made clear, however, that we did not intend to inhibit the ongoing work by standards organizations, carriers, and manufacturers to develop and deploy CALEA-compliant facilities and services. We recognized that CALEA provides that carriers and others may rely on publicly available technical requirements or standards adopted by an industry association or standard-setting organization to meet the requirements of section 103, unless the Commission takes specific action in response to a petition.

    18. In the NPRM, therefore, we invited comment as to whether there is any need to define what constitutes publicly available technical requirements or standards adopted by an industry association or standard-setting organization, and sought comment regarding the appropriateness of available standards and specifications to be used as safe harbors for packet-mode technologies for purposes of CALEA. We observed that it appears that any group or organization could publish a set of technical requirements or standards and claim it to be a safe harbor, and we requested comment on whether we should define what constitutes publicly available technical requirements or standards adopted by an industry association or standard setting organization. We also sought comment on the appropriate format to be used for the transmission of CII data to LEAs. We noted that, when broadband telephony (including VoIP) CII is provided to LEAs, they may have concerns with the format of the electronic interface used to provide the CII. We requested comment on whether the CII should be converted into a format preferred by LEAs.

    19. Discussion. No specific deficiencies in any packet-mode standard were cited by any commenter. Rather, there was a consensus to allow the standards process to proceed and to resolve issues with deficiency petitions. In fact, both industry commenters and DOJ note the appropriateness of this process. Further, industry commenters observe that Law Enforcement has not filed a deficiency petition with respect to any packet-mode standard. Similarly, with regard to whether the Commission should seek to determine the industry bodies that are appropriate to generate safe harbor standards, there is broad consensus in the record that we should not. Finally, with regard to the issue of the format of CII to be provided to LEAs, there was a difference of opinion among commenters as to whether a single format is appropriate, but no one recommended that the Commission determine this issue in advance of industry.

    20. We found that it would be premature for the Commission to pre-empt the ongoing industry process to develop additional standards for packet-mode technologies. We believe that industry organizations, whose meetings are generally open to all interested parties—including LEAs—can best develop those standards, just as they previously developed circuit switched standards. Further, given the diversity of technologies supporting communications services and the breadth of organizations involved both domestically and internationally in developing packet-mode standards, we find it both infeasible and inappropriate to specify the organizations qualified to develop standards that may be used as “safe harbors.” Finally, we find no reason to become involved at this time in the technically complex issue of determining the appropriate format to be used for the transmission of broadband CII data to LEAs. Rather, for all of these technical issues, we find that the industry standards process remains the preferred forum. We note again, however, to the extent that any party perceives a problem with an industry developed packet-mode standard, it may file with the Commission a deficiency petition under section 107(b) of CALEA.

    3. Compliance Solutions Based on a Trusted Third Party

    21. Background. In the NPRM, we sought comment on the feasibility of using a TTP approach to extract CII and content from packets. Under this approach, a TTP would operate a service bureau with a system that has access to a carrier's network equipment and remotely manage the intercept process for the carrier. We noted that the TTP could either rely on a mediation device to collect separated call content and CII from various points in the carrier's network and deliver the appropriate information to a LEA, or could rely on an external system to collect combined call content and CII and deliver appropriate information to the LEA. In the NPRM, we focused on the external system approach which, we noted, could analyze the combined information and provide the LEA only that information to which it is entitled. We sought comment on whether an external system would be an efficient method to extract information from packets. We stated that external systems might provide economies of scale for small carriers, and asked about the approximate relative costs of internal versus external systems for packet extraction.

    22. The record indicates that TTPs are available to provide a variety of services for CALEA compliance to carriers, including processing requests for intercepts, conducting electronic surveillance, and delivering relevant information to LEAs. Given the effectively unanimous view of commenters that the use of TTPs should be permitted but not required, we conclude that TTPs may provide a reasonable means for carriers to comply with CALEA, especially broadband access and VoIP providers and smaller carriers. We emphasize, however, that if a carrier chooses to use a TTP, that carrier remains responsible for ensuring the timely delivery of CII and call content information to a LEA and for protecting subscriber privacy, as required by CALEA. Thus, a carrier must be satisfied that the TTP's processes allow the carrier to meet its obligations without compromising the integrity of the intercept. Carriers will not be relieved of their CALEA obligations by asserting that a TTP's processes prevented them from complying with CALEA. We note DOJ's concern about carriers attempting to use TTPs to shift costs to LEAs, but we make no decision here that would allow carriers who choose to use a TTP to shift the financial responsibility for CALEA compliance to the Attorney General under section 109 (see discussion on cost recovery, in the Second Report and Order). We will evaluate whether the availability of a TTP makes call-identifying information “reasonably” available to a carrier within the context of section 103 in acting on a section 109 petition that a carrier may file (see discussion on section 109 petitions, in the Second Report and Order). As noted by several commenters, telecommunications carriers and manufacturers have legally-mandated privacy obligations, and we take no action herein to modify those obligations based on potential broadband access and VoIP provider use of TTPs. Finally, in accord with the consensus of comments, we will defer to standards organizations and industry associations and allow them to determine the degree to which the ability of a TTP external system to extract and isolate CII makes that information reasonably available for purposes of defining CALEA standards and safe harbors. Start Printed Page 38095

    B. Sections 107(c) and 109(b) Petitions

    23. In the Second Report and Order, we address the scope of relief available to telecommunications carriers pursuant to CALEA sections 107(c)(2) and 109(b); clarify guidelines to govern the filing and evaluation of petitions filed under these two sections; and dispose of pending section 107(c)(2) petitions. Under the express terms of the statute, all telecommunications carriers subject to CALEA must comply with its mandate. Sections 107(c) and 109(b) provide only limited and temporary relief from CALEA compliance requirements; they are “complementary provisions that serve different purposes.”

    24. Due to the time limitations set forth in the CALEA statute, telecommunications carriers may not use section 107(c)(1) to obtain extensions of the compliance deadline in connection with most packet services. We find that it would be inconsistent with the express time limitations of section 107(c) for the Commission to grant 107(c) extension relief to equipment, facilities or services deployed after the effective date of CALEA pursuant to other CALEA provisions, section 229 of the Communications Act, or section 706 of the Telecommunications Act of 1996. We also find that, to obtain section 109(b)(1) relief, in connection with a given assistance capability requirement under section 103, a telecommunications carrier must demonstrate that it undertook active and sustained efforts to come into compliance with that requirement, and that compliance could not reasonably be achieved without “significant difficulty or expense.” As a result, telecommunications carriers filing section 109(b) petitions face a high burden to obtain relief.

    25. In the case of packet-mode compliance requirements addressed in this Second R&O, we expect that telecommunications carriers will work diligently until the end of the 18-month compliance period, established in the First R&O, to implement an appropriate packet-mode CALEA solution. Once the compliance period expires, telecommunications carriers seeking relief pursuant to section 109(b) will be expected to document the efforts they undertook throughout the 18-month compliance period to achieve CALEA compliance and to demonstrate how the solution for which they wish to receive cost recovery relief constitutes a “significant difficulty or expense.” Because section 109(b) is not a compliance extension device, however, the filing of a section 109(b) petition will not, by itself, toll the compliance date.

    26. Specifically, in this section, we find that:

    • Section 107(c)(1) may not be used by telecommunications carriers seeking extensions for equipment, facilities, and services (hereinafter “facilities”) deployed on or after October 25, 1998 (the effective date of the CALEA section 103 and 105 requirements).
    • Section 109(b)(1) does not itself authorize the Commission to grant a telecommunications carrier an extension of the CALEA compliance deadlines.
    • Section 109(b)(1) imposes a high burden of proof for telecommunications carriers to demonstrate that they made reasonable efforts to develop CALEA solutions and that none of them are reasonably achievable. In the absence of CALEA compliance standards or industry solutions, a petitioner must demonstrate that it exercised a high degree of due diligence in order to develop its own solution, but was unable to implement this solution because of a “significant difficulty or expense.”
    • Office of Management and Budget (OMB) approval of the paperwork collection requirements of this Second Report and Order is required. Once approval is received, we will issue a public notice setting forth a deadline that will require all telecommunications carriers who have pending section 107(c)(1) petitions currently on file with the Commission to inform the Commission whether, pursuant to our actions taken here, such petitions concern “equipment, facilities, or services” deployed prior to October 25, 1998.
    • Once OMB approval is received, we will issue a public notice setting forth a deadline that will require all telecommunications carriers providing facilities-based broadband Internet access or interconnected VoIP services to file monitoring reports with the Commission that briefly describe steps that they are taking to come into compliance with CALEA section 103. We also will issue a public notice to notify carriers of OMB approval of paperwork collection requirements for filing petitions under sections 107(c) and 109(b).

    1. Section 107(c)(1) Relief

    a. Section 107(c)(1) Does Not Apply to Any Equipment, Facility, or Service Deployed On or After October 25, 1998

    27. We adopt our tentative conclusion that section 107(c)(1)'s unambiguous language expressly limits extensions to cases where the petitioning telecommunications carrier proposes to install or deploy, or has installed or deployed, its “ ‘equipment, facility, or service prior to the effective date of section 103 * * *,' i.e., prior to October 25, 1998.” Given this limitation, a section 107(c) extension is not available to cover equipment, facilities, or services installed or deployed on or after October 25, 1998. Commenters failed to present any other reasonable way to read this section, and we reject arguments by commenters that the Commission should nonetheless ignore Congress's limited grant of authority to entertain CALEA extension petitions and look to other statutes for authority to grant extensions for facilities deployed after Congress's cut-off date.

    28. We reject commenters' argument that the Commission could entertain extension petitions pursuant to statutes other than section 107(c), including CALEA section 109(b)(1) and section 706 of the Telecommunications Act of 1996. While we agree that section 107(c)(1) does not appear to prohibit the Commission from exercising authority under another statute, we find it unlikely that Congress intended the Commission to do so. The language of section 107(c)(1) is very specific as to what equipment, facilities, and services are covered. Congress determined that, effective October 25, 1998, telecommunications carriers should incorporate a CALEA compliance plan into the design of any new facilities deployments in so far as they are not exempt from CALEA. To the extent that, in hindsight, after exercising due diligence, a specific CALEA compliance plan was not reasonably achievable due to a “significant expense” or “significant harm,” telecommunications carriers could then seek relief pursuant to section 109(b)(1). Therefore, in designing sections 107(c)(1) and 109(b)(1), Congress appears to have balanced carefully what it found to be a reasonable compliance period against a firm deadline for CALEA compliance. If Congress had intended for the Commission to continue granting extension petitions after October 25, 1998, we find it unlikely that Congress would have placed the time limitations in section 107(c)(1).

    29. To interpret other statutes to grant the Commission CALEA extension authority would undermine Congress's intent that, after a reasonable compliance period, all telecommunications carriers would comply with their lawful CALEA obligations. Thus, we reject commenters' arguments that CALEA Start Printed Page 38096section 109(b)(1), section 706 of the Telecommunications Act of 1996, and section 229(a) of the Communications Act provide the Commission with authority to grant extension petitions for facilities deployed on or after October 25, 1998. First, although we believe that the Commission has broad discretion under CALEA section 109(b)(1)(K) to impose conditions on relief granted by that section, we disagree with Global Crossing that the Commission should use that section to grant extension relief given the express limitation in section 107(c)(1). Second, we disagree with OPASTCO that the Commission should employ section 706 as overriding statutory authority, because we find that section 706's directive that the Commission encourage the deployment of “advanced telecommunications capability” is consistent with a criterion that the Commission must examine in a section 109(b)(1) petition. Because section 109(b)(1) directs the Commission to balance this one policy objective against 10 other factors, we decline to rely solely on one factor to the exclusion of all others. Third, we disagree with commenters who argue that the Commission has broad authority to entertain extension petitions under section 229(a) of the Communications Act, which is the provision that grants the Commission authority to implement CALEA. We believe that, where Congress has specifically limited Commission extension authority in the CALEA statute itself, it would be inappropriate to employ section 229(a) to nevertheless find this authority.

    b. Contents of Section 107(c)(1) Petitions

    30. We note that participation in the FBI's Flexible Deployment Program has permitted even small and rural telecommunications carriers to work with LEAs to develop circuit-mode CALEA compliance solutions. Packet-mode telecommunications carriers, however, are still in a much earlier stage of CALEA deployment. Our finding today that section 107(c)(1) is not available for facilities deployed on or after October 25, 1998 will compel most of these telecommunications carriers to implement CALEA compliant solutions. To the extent that telecommunications carriers deployed packet-mode facilities prior to this date, we expect those telecommunications carriers to follow the guidelines set forth below for section 107(c)(1) petitions.

    31. Telecommunications carriers that deployed circuit-mode facilities prior to October 25, 1998. For this class of telecommunications carriers, we adopt the NPRM's proposal that petitions contain (1) an explanation for why an extension is necessary, (2) a compliance plan setting forth specific dates for compliance no later than two years after the petition's filing date, (3) a description of petitioner's “due diligence” attempts to become CALEA compliant since June 30, 2002, and (4) information satisfying the information requests attached in Attachment F of the Second Report and Order. Such information will enable us to better evaluate whether a telecommunications carrier merits an extension. We decline to adopt our tentative proposal that a circuit-mode telecommunications carrier that participates in the FBI's Flexible Deployment Program should be deemed de jure to meet the section 107(c)(1) standard. Upon consideration of its comments, we agree with DOJ that section 107(c) requires more than enrollment in Flex Deployment. We will consider enrollment plus the other items included in our instructions in determining whether section 107(c) relief is appropriate. As in the past, upon the filing of a section 107(c)(1) petition, we will continue to grant a provisional extension for a period of two years unless or until we issue an order that states otherwise.

    32. We reject assertions that our section 107(c)(1) approach is overly burdensome. We interpret section 107(c)(1) so that telecommunications carriers may minimize the statutory burden themselves if they proactively seek CALEA solutions. Commenters argue that telecommunications carriers, especially small ones, face particular challenges, including, for example, lack of clout to negotiate with manufacturers and lack of resources. We find that section 107(c) allows us to take into account the particular situation of a telecommunications carrier, including its bargaining power and financial resources, when analyzing whether CALEA compliance is “not reasonably achievable through application of technology available within the compliance period.”

    33. Telecommunications carriers that deployed packet-mode facilities prior to October 25, 1998. We adopt the NPRM's proposal that, to obtain an extension of time, a packet mode telecommunications carrier must provide documentation setting forth (1) an explanation why an extension of time is necessary, (2) a compliance plan including specific dates for compliance no later than two years after the petition's filing date, (3) a description of petitioner's “due diligence” attempts to become CALEA compliant since November 19, 2001, i.e., the date mandated for packet-mode CALEA compliance by the Commission's September 28, 2001 Public Notice, and (4) information satisfying the information requests in Attachment F of the Second Report and Order. Other than arguments of burden, commenters failed to provide convincing evidence or arguments to show why the Commission should depart from its proposal in the NPRM.

    2. Section 109(b)(1) Relief

    34. We affirm the NPRM's tentative conclusions that “Congress anticipated that section 109(b)(1) would be used in extraordinary cases by telecommunications carriers facing particularly high CALEA-related costs and difficulties.” We first describe the scope of relief granted under section 109(b)(1) and its relationship to other CALEA provisions. Second, we find that a petitioner must meet a high burden of proof to satisfy section 109(b)(1) and may not use the absence of available solutions as the sole basis for section 109(b)(1) relief. Third, we find that a petitioner must exercise due diligence to present a specific solution or a pathway designed to reach a specific solution. Finally, we explain how we will weigh section 109(b)(1)'s eleven factors in evaluating a petition.

    a. Scope of Section 109(b)(1) Relief and Its Relationship to Other CALEA Sections

    35. Section 109(b)(1) relief shifts the burden of paying for a specific CALEA solution to DOJ. Section 109(b)(1) is a mechanism for a telecommunications carrier to recover CALEA compliance costs from DOJ if the telecommunications carrier can demonstrate that compliance with CALEA capability requirements is not “reasonably achievable.” Section 109(b)(1) defines “reasonably achievable” to mean that compliance would impose a “significant difficulty or expense” on the telecommunications carrier. If the Commission grants a section 109(b)(1) petition, the only relief that a telecommunications carrier receives is the following: the telecommunications carrier may, pursuant to section 109(b)(2)(A), request DOJ to pay for the additional reasonable costs for making CALEA compliance reasonably achievable. DOJ may then agree to pay for these costs. If DOJ declines to pay for these costs, then the telecommunications carrier “shall be deemed to be in compliance” with the capability requirements for the equipment, facilities, and/or services that were the subject of the section 109(b)(1) petition. Start Printed Page 38097

    36. Section 109(b)(1) neither compels a telecommunications carrier to adopt a specific CALEA solution nor requires DOJ to pay for the telecommunications carrier's preferred solution. As discussed above, under section 103, a telecommunications carrier is entitled to implement whatever solution it believes best suits its network needs. However, to recover costs from DOJ, a telecommunications carrier must satisfy the obligations set forth in section 109(b)(1). This means that the telecommunications carrier must demonstrate that compliance would impose a significant difficulty or expense. If there is a reasonable means of compliance available, even if it is not the telecommunications carrier's preferred solution, then the Commission may find that a less expensive, alternative solution would not impose a significant difficulty or expense and deny the petition. Section 109(b)(1) makes no reference to the solution preferences of a telecommunications carrier—rather it focuses on whether compliance with section 103 would impose a “significant difficulty or expense.” A telecommunications carrier that fails to make this showing may not request payment from DOJ. If, on the other hand, the Commission finds that compliance is not reasonably achievable within the meaning of section 109(b), DOJ has the option to pay the appropriate costs of whatever compliance solutions DOJ deems appropriate.

    37. Section 109(b)(1) relief terminates when the equipment, facilities or services undergo a substantial replacement, modification or upgrade. A section 109(b)(1) petition must explain with specificity the equipment, facility, or service for which the petitioner seeks relief. The Commission's order granting section 109(b)(1) relief will specify what equipment, facility, and/or service is covered by the order. Once that equipment, facility, or service is replaced, significantly upgraded or otherwise undergoes major modification, the carrier is no longer relieved of its CALEA obligations and the replacement must comply with section 103. To obtain section 109(b)(1) relief for the modified equipment, the telecommunications carrier would have to file a new section 109(b)(1) petition.

    38. Section 109(b)(1) relief does not include extensions of time. Section 109(b)(1) is a cost recovery vehicle. Section 107(c)(1) is the CALEA provision that addresses extensions of time. Congress determined that telecommunications carriers cannot seek extension relief for facilities deployed on or after October 25, 1998.

    b. The Section 109(b)(1) Burden of Proof

    39. We affirm the NPRM's tentative conclusion that a telecommunications carrier faces a high burden of proof in order to be relieved of its obligations to pay for CALEA compliance. Specifically, section 109(b)(1) requires a petitioner to demonstrate, with respect to each section 103 assistance capability requirement for which it seeks relief, that it has examined all possible solutions and that all of these solutions would impose a significant difficulty or expense on the petitioner. This means that if the Commission is aware of a CALEA solution that the telecommunications carrier has not explored and covered in its petition, the Commission will likely dismiss the section 109(b)(1) petition as prima facie insufficient. In its petition, the telecommunications carrier must explain with specificity the possible CALEA solution and the significant difficulty or expense that that solution would impose on the telecommunications carrier so that the Commission and later DOJ may render their respective determinations, under sections 109(b)(1) and 109(b)(2)(A). We adopt the tentative conclusion in the NPRM that telecommunications carriers may not rely solely on the absence of industry standards and solutions under section 109(b)(1)(K) as a basis for section 109(b)(1) relief.

    40. We further adopt our tentative conclusion that a section 109(b)(1) petition must seek relief for “precisely identified ‘equipment facilities, or services.’ ” In this regard, a petitioner must describe with specificity how, in its due diligence, the telecommunications carrier made reasonable efforts to identify a specific solution or a pathway to a specific solution. Without this showing, the Commission will have no factual basis to evaluate whether a telecommunications carrier has satisfied the requirements of section 109(b).

    41. In addition, to the extent that multiple solutions to a particular CALEA capability requirement exist, the petitioner must demonstrate that it would suffer significant difficulty or expense if it were to implement any of them. We believe that the statute requires this showing for at least two reasons. First, the inquiry under section 109(b)(1) is whether CALEA compliance imposes a specific harm, not whether a telecommunications carrier is unable to institute its solution of choice. If alternative, less expensive solutions exist that are reasonably achievable, then the telecommunications carrier is not entitled to a section 109(b)(1) determination that CALEA compliance would impose a significant difficulty or expense. Second, it would be unreasonable to read the statute to require DOJ to pay the costs for a more expensive solution if a less expensive solution exists. If multiple solutions exist, DOJ should have the option to pay for the least expensive one available.

    c. Petitioner Due Diligence Requirement

    42. In the NPRM, the Commission tentatively concluded that section 109(b)(1) petitioners will be expected to demonstrate active and sustained efforts at developing and implementing CALEA solutions for their operations, i.e., regardless of whether CALEA solutions for packet-mode are generally available. We explained this “due diligence” showing as requiring petitioners to submit detailed information about discussions and negotiations with switch manufacturers, other equipment manufacturers, and TTPs, both before and after the FBI announced the termination of the Flexible Deployment Program in connection with packet-mode technology. We tentatively concluded that unless we are persuaded that petitioners have engaged in sustained and systematic negotiations with manufacturers and third-party providers to design, develop, and implement CALEA solutions, we should reject submitted petitions.

    43. Many commenters disagreed with our analysis and conclusions, but none persuasively demonstrated that section 109(b)(1) excludes consideration of due diligence and none persuaded us that consideration of due diligence is unnecessary for a proper interpretation and application of section 109(b)(1). Basically, the due diligence requirement is necessary to ensure that telecommunications carriers demonstrate the showing required by section 109(b)(1). Section 109(b)(1) requires the Commission to determine, upon petition, whether compliance with section 103 is reasonably achievable for “any equipment, facility, or service installed or deployed after January 1, 1995.” Unless the evidence demonstrates that the petitioner has comprehensively considered how to become compliant with CALEA section 103, it would be difficult for the Commission to conclude that section 103 compliance is not reasonably achievable. Simply put, the evidence must demonstrate that alternative solutions were not reasonably achievable.

    44. To meet this requirement, the petitioner may need to compare, for Start Printed Page 38098example, the cost of making annual payments to a TTP for a CALEA service for a number of years to the cost of purchasing equipment and/or systems up front that enable the petitioner to meet CALEA capability requirements themselves. Some solutions may include both elements: leasing capabilities and buying equipment. In addition, the petitioner may also seek to include recurring CALEA-specific operations costs in the cost calculation. Thus, it is necessary to capture the impact of delayed vs. immediate expenditures in calculating the total cost of any solution, and to express the cost of alternative solutions in comparable dollars. A calculation of the (net) present value or present worth of expenditures of the solution is a recognized way to accomplish this dual purpose.

    45. Our analysis and conclusions here do not compel telecommunications carriers to adopt any particular “equipment, facility, service, or feature” or “any specific design of equipment, facilities, services, features, or system configurations.” Service providers are free to configure and build their systems any way they choose. But a service provider that seeks cost recovery relief pursuant to section 109(b)(1) must demonstrate that CALEA compliance per se is not reasonably achievable. A petition must include persuasive evidence that the petitioner cannot afford to achieve compliance through network upgrades or equipment retrofits. It must include a demonstration that the petitioner's preferred CALEA solution is not reasonably achievable and that no alternative CALEA solution is reasonably achievable, including alternative manufacturer-provided service packages, services provided by TTPs, and sharing arrangements with other service providers.

    46. A due diligence showing is particularly necessary to enable us to consider whether section 109(b)(1) relief is appropriate in cases where CALEA standards have not been developed and/or CALEA solutions are not generally available. We reject the idea that we may grant section 109(b)(1) relief merely because standards have not been developed or solutions are not generally available. We therefore adopt our tentative conclusion that the requirements of section 109(b)(1) would not be met by a petitioning telecommunications carrier that merely asserted that CALEA standards had not been developed, or that solutions were not readily available from manufacturers.

    47. Nevertheless, we emphasize that section 109(b)(1)'s due diligence analysis is fact-specific and will take into account, for example, the resources of the petitioner. We recognize that some telecommunications carriers, particularly small telecommunications carriers, may conclude that they cannot afford the efforts required to develop their own solutions. Thus, for example, a small rural telecommunications carrier might provide evidence that the lack of industry standards and solutions, coupled with its lack of financial resources, would justify a finding that the small telecommunications carrier had met its due diligence requirements by proffering only one solution, so long as it is a bona fide solution.

    48. We expect that significant progress in developing CALEA standards and solutions for broadband Internet access and interconnected VoIP services will be achieved during the 18-month compliance period. We expect that few if any petitioners could successfully demonstrate the due diligence necessary to support a section 109(b)(1) petition until the close of the transition. We in fact expect broadband Internet access and interconnected VoIP providers to utilize that transition period as an opportunity to promote the development of CALEA standards and solutions. Failure to utilize this opportunity, or to document steps taken to promote CALEA compliance throughout the transition period, will seriously damage a petitioner's chances of obtaining section 109(b)(1) relief.

    d. Section 109(b)(1)'s Eleven Criteria

    49. In determining whether a telecommunications carrier has successfully demonstrated that compliance with a CALEA section 103 assistance capability requirement is not reasonably achievable pursuant to section 109(b)(1), the Commission must examine the 11 statutory criteria set out in section 109(b)(1). We affirm the Commission's tentative conclusion in the NPRM that the Commission need not weigh equally all 11 criteria, and its tentative conclusion that we should assign greater weight to national security and public safety-related concerns. We also conclude that we should require petitioners to include in their showing precisely identified CALEA section 103 capability requirements and “equipment, facilities, or services” for which relief is sought. We affirm our finding in the NPRM that under the requirements of section 109(b)(1)(B) and 109(b)(1)(D), petitioners must include a thorough analysis of precisely identified costs to satisfy CALEA obligations, as well as their effects on local service ratepayers, where relevant; general allegations that projected costs were “too high” or unreasonably burdensome will not suffice. We direct parties’ attention to the cost discussion in the previous CALEA Second Report and Order in CC Docket No. 97-213 and we reaffirm our determination there that costs not directly related to CALEA compliance may not be included in section 109(b) petitions.

    50. To provide further guidance as to how the Commission will apply consideration of the eleven section 109(b)(1) evaluative criteria in particular cases, we provide the discussion set out below. We nevertheless caution interested persons that these guidelines are intended to provide general guidance only. The Commission will examine each section 109(b) petition based on the facts contained therein and in the context of a specific analysis of national security factors and other factors that exist at that time. Section 109(b(1) directs the Commission to examine the following criteria:

    (A) “The effect on public safety and national security.” Because the purpose of the CALEA statute is to ensure public safety and national security, this criterion is critically important. In a particular case, the Commission will consider all relevant evidence submitted by LEAs per this criterion, as well as recommendations about how this criterion should be applied to submitted evidence and what weight should be assigned to such evidence in our particular deliberations. We will also consider all relevant evidence submitted by a petitioner, including evidence about the number of electronic surveillance requests it has received from LEAs for the five (5) year period prior to submission of its section 109(b) petition. We will consider this latter evidence in connection with evaluating application of the instant criterion as well as evaluating other, cost-related criteria set out in section 109(b)(1)(A) through (K).

    (B) “The effect on rates for basic residential telephone service.” Application of this factor affects only evaluation of section 109(b) petitions submitted by residential telephone service providers subject to the Commission's Part 36 regulation. Its relevance will be decisively affected by how the Commission decides to implement jurisdictional separations policy pursuant to the directive set out in 47 U.S.C. 229(e)(3).

    (C) “The need to protect the privacy and security of communications not authorized to be intercepted.” A petitioner must submit persuasive Start Printed Page 38099evidence why solution(s) described in its petition could not protect the privacy and security of customer communications. In instances where the petition presents evidence about TTP services, the petitioner must present persuasive evidence that the TTP(s) cannot or will not provide privacy and security protection.

    (D) “The need to achieve the capability assistance requirements of section 103 by cost-effective methods.” A petitioner must submit persuasive evidence showing that all identified solutions, including those provided by equipment vendors and other manufacturers, TTPs, or solutions that the petitioner proposes to develop for itself, would impose a significant “difficulty or expense” within the meaning of the statute. In the event that there is no industry standard or available market solution at the time that a telecommunications carrier files its petition, the telecommunications carrier would need to demonstrate that implementation of its own proposed solution would impose a significant expense.

    (E) “The effect on the nature and cost of the equipment, facility, or service at issue.” In addition to the cost showing described in paragraph (D), the petitioner must submit persuasive evidence demonstrating some adverse effect on its facilities.

    (F) “The effect on the operation of the equipment, facility, or service at issue.” In addition to the cost showing in paragraph (D), the petitioner would need to demonstrate a specific adverse effect on its operations.

    (G) “The policy of the United States to encourage the provision of new technologies and services to the public.” The petitioner must submit persuasive evidence demonstrating that CALEA requirements were preventing it from deploying a specifically identified new technology or service, and/or persuasive evidence that imposing CALEA requirements would require it to take a technology or service off the market.

    (H) “The financial resources of the telecommunications carrier.” A showing under this factor would be similar to the showing under factor (D). The petitioner must present financial resource documentation, including current balance sheets and a complete analysis of debt and equity financing resources that are available. If the particular petitioner is a small and rural telecommunications carrier, this must include a description and analysis of all funding and loan guarantee sources available from state and federal assistance programs. Where relevant, all telecommunications carriers must provide evidence showing how state and local regulation affects the availability or use of its financial resources. For example, telecommunications carriers regulated by state Public Utility Commissions should describe in detail how Commission-approved depreciation schedules can be modified to provide for capital equipment acquisition on terms more favorable than currently negotiated and approved terms, or provide evidence that such schedules cannot be modified. Per this criterion, the petitioner must submit persuasive evidence that demonstrates that its current financial resources and financial resources generally available to it are not or would not be sufficient to prevent the imposition of “significant difficulty or expense” as defined by CALEA section 109(b)(1).

    (I) “The effect on competition in the provision of telecommunications services.” Under this factor, the petitioner would need to submit persuasive evidence that demonstrate a specific and quantifiable harm.

    (J) “The extent to which the design and development of the equipment, facility, or service was initiated before January 1, 1995.” This factor is self-explanatory. In most if not all cases, it will not apply to facilities-based broadband Internet access and interconnected VoIP.

    (K) “Such other factors as the Commission determines are appropriate.” This provision enables the Commission to evaluate factors that may arise on a case by case basis, that were difficult for Congress to predict when enacting the statute, and are difficult for the Commission to predict during a rulemaking.

    51. Attachment E of the Second Report and Order sets forth filing instructions explaining the specific information telecommunications carriers should include in their section 109(b) petitions. Attachment E of the Second Report and Order reflects the proposal in the NPRM, consideration of the record in this proceeding, and our further analysis herein of the statute's requirements.

    52. Some small telecommunications carriers have urged us to allow telecommunications carriers filing section 109(b)(1) petitions to pool their applications under one general application petition and, as a result, more efficiently present common arguments and save the costs of submitting individual petitions, each of which would be assessed the $5200 filing fee. We conclude that this is inappropriate given the requirements imposed by section 109(b)(1). Section 109(b)(1) requires a detailed presentation of evidence that section 103 compliance is not reasonably achievable. Petitioners are required to submit evidence that demonstrates this in connection with precisely identified services, equipment, and facilities. These will differ from carrier to carrier. Additionally, petitioners are required to identify cost and financial resources information that is detailed and highly telecommunications carrier-specific. Even if we were to accept jointly pooled section 109(b)(1) petitions, we would, by operation of the statute, need to separate each separate telecommunications carrier petition for individual assessment. This individual assessment will impose predictable costs.

    3. Confidential Treatment of Section 107(c)(1) and Section 109(b)(1) Petitions

    53. In addition to highly sensitive cost and financial resources information, section 107(c)(1) and section 109(b)(1) petitions are likely to contain specific information regarding the inability of telecommunications equipment, facilities, and services to comply with CALEA standards. The facts underlying discrete section 107(c) and section 109(b) adjudicatory proceedings could also involve highly sensitive information about LEA activities. We therefore believe that section 107(c) and section 109(b) filings would be entitled to confidential treatment under the Freedom of Information Act (FOIA) and the Commission's rules. Accordingly, we direct petitioners to file their petitions under a general claim of confidential or proprietary protection, subject only to scrutiny by the Commission and the Attorney General who is consulted in section 107(c) adjudications and is a party to all section 109(b) adjudications. Petitioning telecommunications carriers are not required to request separately confidential treatment for the information submitted in their petitions. However, petitioners must mark the top of each page of their petitions: “Confidential—Not for Public Inspection.” We further conclude that, pursuant to section 0.457(g) of the Commission's rules, the information provided by telecommunications carriers in these CALEA proceedings will not be made routinely available for public inspection. No commenter disagrees with this approach.

    4. Monitoring Reports

    54. In its Petition, Law Enforcement requested that the Commission impose a new compliance regime consisting of standardized CALEA compliance Start Printed Page 38100benchmarks for packet technologies. Under this proposal, limited compliance extensions generally would be granted only if providers of services that use packet technologies agreed to meet the proposed benchmarks. Most LEAs supported this proposal; nearly everyone else opposed it as exceeding or contravening the explicit terms of the statute. We decline at this time to adopt the Law Enforcement benchmark proposal. As we stated in the NPRM, we conclude that the interpretation of CALEA that we adopt in this Second R&O, particularly of CALEA sections 107(c) and 109(b), will better promote law enforcement's stated objective that all telecommunications carriers should become compliant with CALEA requirements as soon as possible.

    55. Nevertheless, we share Law Enforcement's general concern that telecommunications carriers timely comply with CALEA for packet technologies. In the past, telecommunications carriers' progress in complying with CALEA for packet technologies was effectively monitored in two ways: by the FBI when it administered a Flexible Deployment program for packet technology, and by the Commission in administering section 107(c) extension petitions. The FBI's Flexible Deployment program no longer applies to packet technology and, as a consequence of our decision here, few telecommunications carriers will be able to seek extensions under section 107(c). With information from these programs no longer available, the Commission will have difficulty identifying, with sufficient forewarning, impediments to timely compliance and will have little opportunity to assist the industry, as appropriate, in achieving timely compliance. We thus conclude that all telecommunications carriers providing facilities-based broadband Internet access or interconnected VoIP services shall file a monitoring report with the Commission which will help the Commission ensure that providers of services that use packet technologies become CALEA compliant expeditiously. Specifically, with respect to facilities-based broadband Internet access providers and interconnected VoIP providers, we believe that a monitoring report will better ensure that they are able to meet the May 14, 2007 CALEA compliance deadline. A sample monitoring report (Form XXX) is provided in Attachment G of the Second Report and Order. These monitoring reports are separate and distinct from any section 107(c) or section 109 filings that a telecommunications carrier may choose to make, and will not be considered substitutes for seeking relief under those provisions.

    56. Accordingly, we specify the following procedure for these monitoring reports. Once OMB approves the new paperwork collection requirements of this Second R&O, we will issue a public notice setting forth a deadline that will require that providers of all such services to submit to the Commission a completed Form XXX, briefly describing the status of its compliance for each service based on packet technology, e.g., whether the service already complies, whether the telecommunications carrier will comply with an identified industry standard or develop an ad hoc solution, the steps the telecommunications carrier is undertaking to achieve CALEA compliance, any problems with manufacturer support or network installation, and the date compliance is anticipated. Completed Forms XXX will not be made available to the public. We will, however, share completed Forms XXX with DOJ/FBI so that they may evaluate the progress each provider of a service that uses packet technology is making to achieve CALEA compliance. Where necessary, we may request additional information from a provider regarding its efforts to become CALEA compliant by the May 14, 2007 deadline.

    57. We find that the above procedure will promote expeditious CALEA compliance by providers of services that use packet technologies, but whose services are not yet CALEA compliant. We recognize that this procedure will impose an increased administrative burden on such providers, but anticipate that this burden will be minimal. To minimize the burden, we have developed a relatively short reporting form.

    5. Disposition of Pending Section 107(c)(1) Petitions

    58. We conclude that section 107(c) extension relief is not available for applications that include equipment, facilities and services installed or deployed on or after October 25, 1998. Accordingly, once OMB approves the new paperwork collection requirements of this Second R&O, we will issue a public notice setting forth a deadline by which any telecommunications carrier that has a section 107(c) petition on file with us shall file a letter that attests that its pending petition exclusively concerns equipment, facilities and services installed or deployed before October 25, 1998. The Commission will thereafter dismiss all non-conforming petitions and petitions for which clarifying letters have not been received.

    C. Enforcement of CALEA

    59. In the NPRM, we considered whether, in addition to the enforcement remedies through the courts available to LEAs under section 108 of CALEA, we may take separate enforcement action against telecommunications carriers, manufacturers and providers of telecommunications support services that fail to comply with CALEA. We stated that we appear to have broad authority under section 229(a) of the Communications Act to promulgate and enforce CALEA rules against both common carriers and non-common carriers, and sought comment on this analysis. We also sought comment on whether sections 108 and/or 201 of CALEA impose any limitations on the nature of the remedy that we may impose (e.g. injunctive relief) and whether section 106 of CALEA imposes any limitations on our enforcement authority over manufacturers and support service providers.

    60. Additionally, we sought comment in the NPRM on how we would enforce the assistance capability requirements under section 103 of CALEA. To facilitate enforcement, we tentatively concluded that, at a minimum, we should adopt the requirements of section 103 as Commission rules. We asked whether, given this tentative conclusion, the lack of Commission-established technical requirements or standards under CALEA section 107(b) for a particular technology would affect our authority to enforce section 103. Further, we asked whether there are other provisions of CALEA, such as section 107(a)'s safe harbor provisions, that the Commission should adopt as rules in order to effectively enforce the statute. Moreover, we stated in the NPRM that we believed it to be in the public interest for covered carriers to become CALEA compliant as expeditiously as possible and recognized the importance of effective enforcement of our rules affecting such compliance. We sought comment on whether our general enforcement procedures are sufficient for purposes of CALEA enforcement or whether we should implement some special procedures for purposes of CALEA enforcement. We also sought comment on any other measures we should take into consideration in deciding how best to enforce CALEA requirements.

    61. Discussion. DOJ strongly supports the Commission enforcing the CALEA rules under section 229(a) of the Communications Act. DOJ contends that the telecommunications industry has in many instances failed to cooperate with LEAs and has delayed establishing Start Printed Page 38101CALEA standards and implementing new wiretapping technologies. However, industry commenters contend that CALEA enforcement authority lies exclusively with the courts under CALEA section 108.

    62. We find that we have the authority under section 229(a) to enforce CALEA, as that section gives us authority to “prescribe such rules as are necessary to implement the requirements of the Communications Assistance for Law Enforcement Act.” As we observed in the NPRM, section 229(a) provides broad authority for the Commission to adopt rules to implement CALEA and, unlike section 229(b) does not limit our rulemaking authority to common carriers. While the “penalties” provision of section 229(d) refers to CALEA violations “by the carrier,” section 229(d) does not limit the Commission's general enforcement authority under the Communications Act. We thus conclude that the Commission has general authority under the Communications Act to promulgate and enforce CALEA rules against carriers as well as non-common carriers. We also conclude that section 106 of CALEA does not limit our authority to promulgate and enforce CALEA rules against manufacturers and support service providers. Accordingly, we find that, contrary to commenters who argued that authority to enforce CALEA lies exclusively with the courts under CALEA section 108, we have the authority to prescribe CALEA rules and investigate the compliance of those carriers and providers subject to such rules. Additionally, under the Communications Act, the Commission has broad authority to enforce its rules. It can, for example, issue monetary forfeitures and cease and desist orders against common carriers and non-common carriers alike for violations of Commission rules.

    63. We also conclude that sections 108 and 201 of CALEA do not limit the nature of the remedy that the Commission may impose. Whereas court actions under sections 108 and 201 would typically follow a failed attempt by a carrier to comply with an electronic surveillance order, the Commission may pursue enforcement actions against any carrier for failure to ensure that its equipment, facilities or services are capable of providing the assistance capability requirements prior to receiving an electronic surveillance request. Thus, the Commission's enforcement authority is complementary to, not duplicative of, the authority granted LEAs under sections 108 and 201.

    64. We observe that the Commission's rules already include various CALEA requirements that we may enforce, including system security and records management requirements for all carriers subject to CALEA and assistance capability requirements for wireline, cellular and PCS carriers. Our existing rules for wireline, cellular and PCS carriers already state that these carriers are to comply with the assistance capability requirements in section 103; however, we have not previously codified this requirement for other carriers subject to CALEA. We thus adopt our tentative conclusion to codify this statutory requirement and thereby clarify that all carriers subject to CALEA are to comply, at a minimum, with the assistance capability requirements of section 103. This action will facilitate the Commission's enforcement of CALEA. We recognize that, in the absence of Commission action to specify more precise requirements in response to a section 107 (b) deficiency petition, as we did previously regarding J-STD-025, our rule sets forth a minimum requirement that carriers, manufacturers and support service providers may satisfy in various ways (e.g., implementing an industry standard, ad hoc or interim solution). Nonetheless, this does not diminish our resolve to consider carefully a bona fide complaint that a carrier, manufacturers or support service provider has not provided the necessary assistance capabilities and to take appropriate enforcement action.

    D. Cost Recovery Issues

    65. In the NPRM, the Commission sought comment on a number of issues related to the recovery of CALEA compliance costs, including the nature of such costs and from which parties the costs could be recovered. The Commission also inquired into CALEA cost recovery pursuant to intercept statutes. The Commission further sought comment on whether specific cost recovery rules should be adopted to help ensure that small and rural carriers can become CALEA-compliant. Acting pursuant to section 229(e)(3) of the Communications Act, the Commission also referred to the Federal-State Joint Board on Jurisdictional Separations (Joint Board) the following question: whether CALEA compliance costs should be separated between intrastate and interstate jurisdictions, and, if so, how the associated costs and revenues should be allocated. Because of the importance of the issues, the Commission asked the Joint Board to issue recommendations within a year of the release of the NPRM, by August 9, 2005. The Joint Board, however, has not yet issued its recommendation.

    66. In the NPRM, the Commission tentatively concluded that carriers bear responsibility for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities. We affirm this tentative conclusion. Cost recovery from the federal government under CALEA section 109 turns on whether equipment and facilities were deployed before or after January 1, 1995. CALEA section 109 placed financial responsibility on the federal government for CALEA implementation costs related to equipment deployed on or before January 1, 1995. If the federal government refused to pay for such modifications, a carrier's pre-1995 deployed equipment and facilities are considered CALEA compliant until such equipment or facility “is replaced or significantly upgraded or otherwise undergoes major modification” for purposes of normal business operations. On the other hand, for CALEA implementation costs associated with equipment deployed after January 1, 1995, CALEA section 109 places financial responsibility on the telecommunications carriers unless the Commission determines compliance is not “reasonably achievable.” Only in that event may the Attorney General agree to pay carriers the “additional reasonable costs of making compliance * * * reasonably achievable.” Based on CALEA's clear delineation of responsibility for compliance costs, we conclude that carriers bear responsibility for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities, absent a finding that compliance is not reasonably achievable pursuant to CALEA section 109(b).

    67. In the NPRM, the Commission acknowledged its prior statement regarding the ability of carriers to recover a portion of their CALEA capital costs through electronic surveillance order charges imposed on LEAs, and that this statement was made without the benefit of a complete and full record on the issue. The Commission made this observation as one of several aspects that mitigated the cost burden on carriers of implementing four CALEA punch list items. However, because we now conclude that CALEA section 109 provides the exclusive mechanism by which carriers may recover from law enforcement capital costs associated with meeting the capability requirements of CALEA section 103, the Commission's prior statement was incorrect to the extent it suggested that carriers may recover CALEA capital Start Printed Page 38102costs through intercept charges. As discussed, CALEA specifically addresses the allocation of responsibility for compliance costs. CALEA section 109 makes the federal government responsible for compliance costs for the period on or before January 1, 1995, and places the responsibility for compliance costs after January 1, 1995 on carriers, absent a finding that compliance is not reasonably achievable pursuant to CALEA section 109(b). Allowing carriers to recover CALEA compliance costs from the government through other means, such as through intercept charges, would be inconsistent with the cost recovery methodology set forth in CALEA section 109 because it would disrupt the cost burden balance between law enforcement and carriers carefully crafted by Congress in enacting CALEA. In short, as DOJ notes, it “would essentially allow carriers to do an ‘end-run’ around the provisions of section 109(b) and Congressional intent.” We therefore conclude that, while carriers possess the authority to recover through intercept charges the costs associated with carrying out an intercept that is accomplished using a CALEA-based intercept solution, they are prohibited by CALEA from recovering through intercept charges the costs of making modifications to equipment, facilities, or services pursuant to the assistance capability requirements of CALEA section 103 and the costs of developing, installing, and deploying CALEA-based intercept solutions that comply with the assistance capability requirements of CALEA section 103.

    68. To the extent carriers do not meet the necessary criteria for obtaining cost recovery pursuant to section 109(b) of CALEA, carriers may absorb the costs of CALEA compliance as a necessary cost of doing business, or, where appropriate, recover some portion of their CALEA section 103 implementation costs from their subscribers. The specific provision allowing carriers to recover some portion of their CALEA capital costs from their subscribers also reinforces our conclusion that carriers may not recover such costs from law enforcement through intercept charges. To the extent that carriers are not able to recover their CALEA capital costs from the federal government through section 109, Congress provided only one other avenue for carriers to recover such costs, and that is from subscribers, not law enforcement. Such recovery from consumers, of course, will vary among telecommunications carriers subject to CALEA depending on certain factors. Rate-regulated carriers (e.g., incumbent local exchange carriers) cannot raise rates without first obtaining authorization to do so. Other carriers (e.g., Commercial Mobile Radio Services (CMRS) providers) can recover their costs from subscribers on a competitive market basis. Given this backdrop, in the NPRM, we invited comment on whether a national surcharge scheme is feasible for carriers in their efforts to meet CALEA requirements. We also sought comment on whether the Commission would need to undertake a specific forbearance analysis under section 10 of the Communications Act, and whether states may expressly provide for or preclude the recovery of CALEA compliance costs.

    69. We decline to adopt a national surcharge to recover CALEA costs. We find that it would not serve the public interest to use a national surcharge scheme or to implement some form of cost pooling system, as some commenters suggest, because such a scheme would increase the administrative burden placed upon the carriers and provide little incentive for carriers to minimize their costs. We therefore decline to mandate a surcharge or other specific method of CALEA cost recovery. We find that carriers that are not subject to rate regulation may choose to recover their CALEA-related costs from their subscribers through any lawful manner consistent with their obligations under the Communications Act. Section 229(e) of the Communications Act allows rate-regulated common carriers to seek to recover their federally-allocated CALEA section 103 costs from subscribers. As noted, the Joint Board has not yet provided its recommendation as to the allocation of CALEA costs between the federal and state jurisdictions. After the Joint Board issues its recommendation, and to the extent that CALEA costs ultimately are allocated to the federal jurisdiction, rate-regulated carriers subject to the Commission's price cap rules have the ability to seek exogenous treatment of the federally-allocated CALEA costs. Carriers subject to the Commission's rate-of-return rules have the ability to propose rate changes that would seek recovery of any federally-allocated CALEA costs not already recovered in rates.

    70. Commenters to the NPRM also argue that carriers with smaller subscriber bases are less able to bear the costs of CALEA implementation. To the extent CALEA costs prohibit these carriers from reasonably achieving CALEA compliance, CALEA section 109(b) provides a remedy. The carriers can seek a determination from the Commission that CALEA compliance is not reasonably achievable, and, upon such a determination, the Attorney General may agree to pay the costs of compliance for these carriers, or the carriers will be deemed to be in compliance.

    E. System Security Requirements

    71. In the First R&O, we concluded that providers of facilities-based broadband Internet access service and interconnected VoIP service newly identified as subject to CALEA under the Substantial Replacement Provision are to comply with the assistance capability requirements in section 103 of CALEA within 18 months of the effective date of the First R&O. In the Second R&O, we determine that these newly identified carriers must comply with the system security requirements in section 105 of CALEA and section 229(b) of the Communications Act, as codified in the Commission's rules, within 90 days of the effective date of this Second R&O.

    72. We find that, based on the record, 90 days is a reasonable time period to expect providers of facilities-based broadband Internet access service and interconnected VoIP service to comply with sections 105 and 229(b) system security requirements, as codified in the Commission's rules. Thus, we require these carriers to file with the Commission within 90 days of the effective date of this Second R&O the policies and procedures they use to comply with the system security requirements as codified in our rules. Ninety days is the same amount of time provided by the Commission when it initially adopted these requirements. Timely compliance with these requirements will assist LEAs and the Commission in identifying those entities now subject to CALEA, provide important contact information for Commission follow-up on CALEA compliance, and, more importantly for LEAs, ensure that providers of facilities-based broadband Internet access service and interconnected VoIP service are adequately prepared for assisting LEAs in conducting lawful electronic surveillance.

    F. Future Services and Technologies

    73. In the NPRM, the Commission tentatively concluded that it is unnecessary to adopt Law Enforcement's proposal regarding the Commission identifying future services and entities subject to CALEA. We recognized Law Enforcement's need for more certainty regarding the applicability of CALEA to new services and technologies, but expressed Start Printed Page 38103concerned that Law Enforcement's proposed approach could be inconsistent with CALEA's statutory intent and could create an obstacle to innovation. We noted that the requirements of the statute and its legislative history seem to support opponents' arguments that Congress did not intend that manufacturers or service providers would be required to obtain advance clearance from the government before deploying a technology or service that is not subject to CALEA. We also expressed concern that, as a practical matter, providers will be reluctant to develop and deploy innovative services and technologies if they must build in CALEA capabilities to equipment that ultimately may not be subject to CALEA or wait for a ruling on the statute's application to the new service or technology.

    74. Discussion. In its comments to the NPRM, DOJ argues that the Commission should adopt procedures to determine whether future services and entities are subject to CALEA. DOJ contends that it would be helpful for industry and LEAs to be able to seek rulings from the Commission regarding CALEA's applicability to a new service in advance of that service's introduction into the marketplace. DOJ concludes that the Commission should require or strongly encourage all providers of interstate wire or electronic communications services that have any question about whether they are subject to CALEA to seek Commission guidance at the earliest possible date, well before deployment of the service in question.

    75. Other commenters support the tentative conclusion set forth in the NPRM, contending that the public interest in innovation is not served by government design mandates imposed upon manufacturers and telecommunications carriers. Verizon states that, while it supports the availability of an optional expedited declaratory ruling procedure for carriers that are unsure of their CALEA obligations, DOJ's proposed procedures and related requirements would effectively force carriers to obtain pre-authorization of new services and would contradict Congress's intent expressed in CALEA's legislative history, which makes clear that CALEA should be implemented in a way that does not impede the introduction of new technologies, features, and services.

    76. We agree with Verizon and other commenters that it would be inconsistent with the legislative history of CALEA and inappropriate as a matter of policy for the Commission to identify future services and entities that may be subject to CALEA. While we are sympathetic to DOJ's goal of establishing greater certainty regarding the applicability of CALEA to new services and technologies, we find that implementing DOJ's proposal would have a chilling effect on innovation. We believe that we can best determine the future services and entities that are subject to CALEA on a case-by-case basis. However, we concur with Verizon that an optional expedited declaratory ruling procedure for entities that are unsure of their CALEA obligations with regard to new services would be useful. Accordingly, telecommunications carriers and manufacturers, as well as LEAs, may petition the Commission for a declaratory ruling as to CALEA obligations with regard to new equipment, facilities and services.

    G. Consolidation of CALEA Rules

    77. We are taking this opportunity to consolidate our CALEA rules into part 1. Currently, those rules are contained in three different Parts of the Commission's rules: part 22, titled “Public Mobile Services;” part 24, titled “Personal Communications Services;” and part 64, titled “Miscellaneous Rules Related to Common Carriers.” CALEA rules for parts 22 and 24 are each contained in a subpart J, titled “Required New Capabilities Pursuant to the Communications Assistance for Law Enforcement Act (CALEA).” Each respective subpart sets forth the CALEA capabilities that must be provided by cellular and Personal Communications Services (PCS) telecommunications carriers. CALEA rules for part 64 are contained both in subpart V, titled “Telecommunication Carrier System Security and Integrity Pursuant to the Communications Assistance for Law Enforcement Act (CALEA);” and in subpart W, titled “Required New Capabilities Pursuant to the Communications Assistance for Law Enforcement Act (CALEA).” subpart V of part 64 sets forth the CALEA systems security and integrity rules for all telecommunications carriers, while subpart W of part 64 sets forth the CALEA capabilities that must be provided by wireline telecommunications carriers.

    78. Our current CALEA rules structure is somewhat confusing because capability requirements are contained in three different parts, while systems security and integrity requirements are contained in only one part. Further, the capability requirements for cellular, PCS, and wireline telecommunications carriers specified in different parts are identical, with the only differences in language being the specific references to the three different types of carriers. Moreover, as discussed, we are herein codifying the statutory requirement that all carriers subject to CALEA must comply with the assistance capability requirements of section 103. While we could codify this requirement in part 64, that part pertains to “telecommunications carriers” under the Communications Act, rather than the broader application of that term under CALEA. We therefore find it more logical to codify this requirement and consolidate our existing CALEA rules in part 1, which is titled “Practice and Procedure,” and contains rules that apply more broadly to various services within the Commission's jurisdiction. Accordingly, we are establishing new subpart Z of part 1, titling it “Communications Assistance for Law Enforcement Act,” and are deleting part 22, subpart J; part 24, subpart J; part 64, subpart V; and part 64, subpart W. Part 1, subpart Z specifies that all carriers subject to CALEA must comply with both the assistance capability requirements of CALEA section 103 and the systems security and integrity requirements of CALEA section 105, and also lists the specific capability requirements pertaining to cellular, PCS, and wireline carriers that are currently set forth in parts 22, 24, and 64. These rule changes are specified in the rules section.

    H. Miscellaneous

    79. We recognize that certain questions raised by the outstanding Further Notice of Proposed Rulemaking in this docket remain unresolved. We intend to address these matters expeditiously in a future order. In addition, we recognize that parties may also seek clarification of our rules and regulations. Our rules and precedent provide us with authority to issue such clarifications, amendments, suspensions, or waivers both in response to petitions or on our own motion.

    Final Regulatory Flexibility Analysis

    80. As required by the Regulatory Flexibility Act of 1980, as amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the NPRM in this proceeding. The Commission sought written public comment on the proposals in the NPRM, including comment on the IRFA. The comments received are discussed below, except to the extent that they were previously addressed in the Final Regulatory Flexibility Analysis (FRFA) attached to the First R&O in this proceeding. The current FRFA, which conforms to the RFA, pertains only to the Second R&O in this proceeding. The Start Printed Page 38104companion MO&O does not adopt rules, but rather, inter alia, denies a petition to change a Commission rule.

    A. Need for, and Objectives of, the Rules

    81. Advances in technology, most notably the introduction of digital transmission and processing techniques, and the proliferation of Internet services such as broadband access and VoIP, have challenged the ability of LEAs to conduct lawful electronic surveillance. In light of these difficulties and other outstanding issues associated with the implementation of the CALEA, DOJ, FBI, and DEA filed a joint petition for expedited rulemaking in March 2004, asking the Commission to address and resolve these issues. The First R&O concluded that CALEA applies to facilities-based broadband Internet access providers and providers of interconnected VoIP service, and established a compliance deadline of May 14, 2007 for these providers.

    82. In the Second R&O, we require that facilities-based broadband Internet access providers and providers of interconnected VoIP submit monitoring reports to ensure their CALEA compliance by the May 14, 2007 deadline established by the First R&O. More generally, we require that telecommunications carriers comply with CALEA by finding that sections 107(c) and 109(b) of CALEA provide only limited and temporary relief from compliance requirements, and by finding that extension of the compliance deadline for capabilities required by CALEA section 103 is available only for facilities and services deployed prior to October 25, 1998 under the express terms of the statute. We also conclude that, in addition to the enforcement remedies through the courts available to LEAs under CALEA section 108, we may take separate enforcement action under section 229(a) of the Communications Act against carriers that fail to comply with CALEA. Moreover, we conclude that carriers must generally pay for CALEA development and implementation costs incurred after January 1, 1995 (unless their costs are reimbursed in response to a CALEA section 109(b) petition), but we acknowledge that they may recover costs from other sources, such as from their subscribers.

    B. Summary of Significant Issues Raised by Public Comments in Response to the IRFA

    83. In this section, we respond to commenters who filed directly in response to the IRFA. To the extent we received comments raising general small business concerns during this proceeding, those comments are discussed throughout the Second R&O.

    84. The National Telecommunications Cooperative Association (NTCA) and the Office of Advocacy, U.S. Small Business Administration (Advocacy) filed comments directly in response to the IRFA. NTCA and Advocacy both generally contend that the RFA requires that the Commission consider less burdensome alternatives appropriate to the size of the covered entities. These comments were partially addressed in our previous First R&O in this proceeding; therefore, in this FRFA, we respond only to those arguments that are relevant to the Second R&O. In particular, we respond to NTCA's argument that we failed to include the availability of CALEA section 107(c) extension petitions as part of the IRFA and to Advocacy's arguments that the IRFA did not discuss all the alternatives available to small entities, including petitions for extensions under CALEA sections 107(c) and 109(b) and use of TTPs.

    85. We reject NTCA's and Advocacy's arguments that the Commission failed to adequately consider these issues. While we recognize that we did not specifically list them in the IRFA, the IRFA combined with the NPRM appropriately identified the ways in which the Commission could lessen the regulatory burdens on small businesses in compliance with our RFA obligations. First, we generally discussed in the NPRM the possibility of an exemption from CALEA compliance for small businesses that provide wireless broadband Internet access to rural areas. Second, with regard to CALEA sections 107(c) and 109(b) compliance extension petitions, we devoted an entire section of the NPRM, spanning 24 paragraphs, to these issues. Although we proposed to restrict the availability of compliance extensions under section 107(c) and noted that there is a significant burden on section 109(b) petitioners, we thoroughly considered the potential impact of those proposals on small businesses, but concluded that it would be inconsistent with the CALEA statute to make exceptions for small businesses with respect to section 107(c) and section 109(b) petitions. Third, with respect to TTPs, we devoted a subsection of the NPRM, spanning eight paragraphs, to that issue. We noted therein that there may be some tension between relying on a TTP model and “safe harbor” standards, but that TTPs had the potential to simplify or ease the burden on carriers and manufacturers in providing packet content and call-identifying information to LEAs. Further, we noted that external TTP systems “might provide economies of scale for small carriers.” Therefore, we believe that a revised IRFA is not necessary on any of these issues.

    C. Description and Estimate of the Number of Small Entities To Which Rules Will Apply

    86. The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the proposed rules. The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act. A small business concern is one which: (1) Is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA).

    1. Telecommunications Service Entities

    a. Wireline Carriers and Service Providers

    87. Small Incumbent Local Exchange Carriers (LECs). We have included small incumbent LECs present RFA analysis. As noted above, a “small business” under the RFA is one that, inter alia, meets the pertinent small business size standard (e.g., a telephone communications business having 1,500 or fewer employees), and “is not dominant in its field of operation.” Advocacy contends that, for RFA purposes, small incumbent LECs are not dominant in their field of operation because any such dominance is not “national” in scope. We have therefore included small incumbent LECs in this RFA analysis, although we emphasize that this RFA action has no effect on Commission analyses and determinations in other, non-RFA contexts.

    88. Incumbent Local Exchange Carriers. Neither the Commission nor the SBA has developed a small business size standard specifically for incumbent local exchange services. The appropriate size standard under SBA rules is for the category Wired Telecommunications Carriers. Under that size standard, such a business is small if it has 1,500 or fewer employees. According to Commission data, 1,303 carriers have reported that they are engaged in the provision of incumbent local exchange services. Of these 1,303 carriers, an estimated 1,020 have 1,500 or fewer Start Printed Page 38105employees and 283 have more than 1,500 employees. Consequently, the Commission estimates that most providers of incumbent local exchange service are small businesses that may be affected by our action. In addition, limited preliminary census data for 2002 indicate that the total number of wired communications carriers increased approximately 34 percent from 1997 to 2002.

    89. Competitive Local Exchange Carriers, Competitive Access Providers (CAPs), “Shared-Tenant Service Providers,” and “Other Local Service Providers.” Neither the Commission nor the SBA has developed a small business size standard specifically for these service providers. The appropriate size standard under SBA rules is for the category Wired Telecommunications Carriers. Under that size standard, such a business is small if it has 1,500 or fewer employees. According to Commission data, 769 carriers have reported that they are engaged in the provision of either competitive access provider services or competitive local exchange carrier services. Of these 769 carriers, an estimated 676 have 1,500 or fewer employees and 93 have more than 1,500 employees. In addition, 12 carriers have reported that they are “Shared-Tenant Service Providers,” and all 12 are estimated to have 1,500 or fewer employees. In addition, 39 carriers have reported that they are “Other Local Service Providers.” Of the 39, an estimated 38 have 1,500 or fewer employees and one has more than 1,500 employees. Consequently, the Commission estimates that most providers of competitive local exchange service, competitive access providers, “Shared-Tenant Service Providers,” and “Other Local Service Providers” are small entities that may be affected by our action. In addition, limited preliminary census data for 2002 indicate that the total number of wired communications carriers increased approximately 34 percent from 1997 to 2002.

    90. Payphone Service Providers (PSPs). Neither the Commission nor the SBA has developed a small business size standard specifically for payphone services providers. The appropriate size standard under SBA rules is for the category Wired Telecommunications Carriers. Under that size standard, such a business is small if it has 1,500 or fewer employees. According to Commission data, 654 carriers have reported that they are engaged in the provision of payphone services. Of these, an estimated 652 have 1,500 or fewer employees and two have more than 1,500 employees. Consequently, the Commission estimates that the majority of payphone service providers are small entities that may be affected by our action. In addition, limited preliminary census data for 2002 indicate that the total number of wired communications carriers increased approximately 34 percent from 1997 to 2002.

    91. Interexchange Carriers (IXCs). Neither the Commission nor the SBA has developed a small business size standard specifically for providers of interexchange services. The appropriate size standard under SBA rules is for the category Wired Telecommunications Carriers. Under that size standard, such a business is small if it has 1,500 or fewer employees. According to Commission data, 316 carriers have reported that they are engaged in the provision of interexchange service. Of these, an estimated 292 have 1,500 or fewer employees and 24 have more than 1,500 employees. Consequently, the Commission estimates that the majority of IXCs are small entities that may be affected by our action. In addition, limited preliminary census data for 2002 indicate that the total number of wired communications carriers increased approximately 34 percent from 1997 to 2002.

    92. Operator Service Providers (OSPs). Neither the Commission nor the SBA has developed a small business size standard specifically for operator service providers. The appropriate size standard under SBA rules is for the category Wired Telecommunications Carriers. Under that size standard, such a business is small if it has 1,500 or fewer employees. According to Commission data, 23 carriers have reported that they are engaged in the provision of operator services. Of these, an estimated 20 have 1,500 or fewer employees and three have more than 1,500 employees. Consequently, the Commission estimates that the majority of OSPs are small entities that may be affected by our action. In addition, limited preliminary census data for 2002 indicate that the total number of wired communications carriers increased approximately 34 percent from 1997 to 2002.

    93. Prepaid Calling Card Providers. Neither the Commission nor the SBA has developed a small business size standard specifically for prepaid calling card providers. The appropriate size standard under SBA rules is for the category Telecommunications Resellers. Under that size standard, such a business is small if it has 1,500 or fewer employees. According to Commission data, 89 carriers have reported that they are engaged in the provision of prepaid calling cards. Of these, 88 are estimated to have 1,500 or fewer employees and one has more than 1,500 employees. Consequently, the Commission estimates that all or the majority of prepaid calling card providers are small entities that may be affected by our action.

    b. Wireless Telecommunications Service Providers

    94. For those services subject to auctions, we note that, as a general matter, the number of winning bidders that qualify as small businesses at the close of an auction does not necessarily represent the number of small businesses currently in service. Also, the Commission does not generally track subsequent business size unless, in the context of assignments or transfers, unjust enrichment issues are implicated.

    95. Wireless Service Providers. The SBA has developed a small business size standard for wireless firms within the two broad economic census categories of “Paging” and “Cellular and Other Wireless Telecommunications.” Under both SBA categories, a wireless business is small if it has 1,500 or fewer employees. For the census category of Paging, Census Bureau data for 1997 show that there were 1,320 firms in this category, total, that operated for the entire year. Of this total, 1,303 firms had employment of 999 or fewer employees, and an additional 17 firms had employment of 1,000 employees or more. Thus, under this category and associated small business size standard, the majority of firms can be considered small. For the census category Cellular and Other Wireless Telecommunications, Census Bureau data for 1997 show that there were 977 firms in this category, total, that operated for the entire year. Of this total, 965 firms had employment of 999 or fewer employees, and an additional 12 firms had employment of 1,000 employees or more. Thus, under this second category and size standard, the majority of firms can, again, be considered small. In addition, limited preliminary census data for 2002 indicate that the total number of paging providers decreased approximately 51 percent from 1997 to 2002. In addition, limited preliminary census data for 2002 indicate that the total number of cellular and other wireless telecommunications carriers increased approximately 321 percent from 1997 to 2002.

    96. Cellular Licensees. The SBA has developed a small business size standard for wireless firms within the broad economic census category “Cellular and Other Wireless Start Printed Page 38106Telecommunications.” Under this SBA category, a wireless business is small if it has 1,500 or fewer employees. For the census category Cellular and Other Wireless Telecommunications firms, Census Bureau data for 1997 show that there were 977 firms in this category, total, that operated for the entire year. Of this total, 965 firms had employment of 999 or fewer employees, and an additional 12 firms had employment of 1,000 employees or more. Thus, under this category and size standard, the great majority of firms can be considered small. Also, according to Commission data, 437 carriers reported that they were engaged in the provision of cellular service, Personal Communications Service (PCS), or Specialized Mobile Radio (SMR) Telephony services, which are placed together in the data. We have estimated that 260 of these are small, under the SBA small business size standard.

    97. Common Carrier Paging. The SBA has developed a small business size standard for wireless firms within the broad economic census category, “Cellular and Other Wireless Telecommunications.” Under this SBA category, a wireless business is small if it has 1,500 or fewer employees. For the census category of Paging, Census Bureau data for 1997 show that there were 1,320 firms in this category, total, that operated for the entire year. Of this total, 1,303 firms had employment of 999 or fewer employees, and an additional 17 firms had employment of 1,000 employees or more. Thus, under this category and associated small business size standard, the majority of firms can be considered small.

    98. In the Paging Third Report and Order, we developed a small business size standard for “small businesses” and “very small businesses” for purposes of determining their eligibility for special provisions such as bidding credits and installment payments. A “small business” is an entity that, together with its affiliates and controlling principals, has average gross revenues not exceeding $15 million for the preceding three years. Additionally, a “very small business” is an entity that, together with its affiliates and controlling principals, has average gross revenues that are not more than $3 million for the preceding three years. The SBA has approved these small business size standards. An auction of Metropolitan Economic Area licenses closed on March 2, 2000. Of the 985 licenses auctioned, 440 were sold. Fifty-seven companies claiming small business status won. Also, according to Commission data, 375 carriers reported that they were engaged in the provision of paging and messaging services. Of those, we estimate that 370 are small, under the SBA-approved small business size standard.

    99. Wireless Communications Services. This service can be used for fixed, mobile, radiolocation, and digital audio broadcasting satellite uses. The Commission established small business size standards for the wireless communications services (WCS) auction. A “small business” is an entity with average gross revenues of $40 million for each of the three preceding years, and a “very small business” is an entity with average gross revenues of $15 million for each of the three preceding years. The SBA has approved these small business size standards. The Commission auctioned geographic area licenses in the WCS service. In the auction, there were seven winning bidders that qualified as “very small business” entities, and one that qualified as a “small business” entity.

    100. Wireless Telephony. Wireless telephony includes cellular, personal communications services (PCS), and specialized mobile radio (SMR) telephony carriers. As noted earlier, the SBA has developed a small business size standard for “Cellular and Other Wireless Telecommunications” services. Under that SBA small business size standard, a business is small if it has 1,500 or fewer employees. According to Commission data, 437 carriers reported that they were engaged in the provision of wireless telephony. We have estimated that 260 of these are small under the SBA small business size standard.

    101. Broadband Personal Communications Service. The broadband Personal Communications Service (PCS) spectrum is divided into six frequency blocks designated A through F, and the Commission has held auctions for each block. The Commission defined “small entity” for Blocks C and F as an entity that has average gross revenues of $40 million or less in the three previous calendar years. For Block F, an additional classification for “very small business” was added and is defined as an entity that, together with its affiliates, has average gross revenues of not more than $15 million for the preceding three calendar years.” These standards defining “small entity” in the context of broadband PCS auctions have been approved by the SBA. No small businesses, within the SBA-approved small business size standards bid successfully for licenses in Blocks A and B. There were 90 winning bidders that qualified as small entities in the Block C auctions. A total of 93 small and very small business bidders won approximately 40 percent of the 1,479 licenses for Blocks D, E, and F. On March 23, 1999, the Commission re-auctioned 347 C, D, E, and F Block licenses. There were 48 small business winning bidders. On January 26, 2001, the Commission completed the auction of 422 C and F Broadband PCS licenses in Auction No. 35. Of the 35 winning bidders in this auction, 29 qualified as “small” or “very small” businesses. Subsequent events, concerning Auction 35, including judicial and agency determinations, resulted in a total of 163 C and F Block licenses being available for grant.

    c. Satellite Telecommunications Service Providers

    102. Satellite telecommunications service providers include satellite operators and earth station operators. The Commission has not developed a definition of small entities applicable to such operators. Therefore, the applicable definition of small entity is generally the definition under the SBA rules applicable to Satellite Telecommunications. This definition provides that a small entity is expressed as one with $13.5 million or less in annual receipts. 1997 Census Bureau data indicate that, for 1997, 273 satellite communication firms had annual receipts of under $10 million. In addition, 24 firms had receipts for that year of $10 million to $24,999,990.

    2. Cable and OVS Operators

    103. Cable and Other Program Distribution. The Census Bureau defines this category as follows: “This industry comprises establishments primarily engaged as third-party distribution systems for broadcast programming. The establishments of this industry deliver visual, aural, or textual programming received from cable networks, local television stations, or radio networks to consumers via cable or direct-to-home satellite systems on a subscription or fee basis. These establishments do not generally originate programming material.” The SBA has developed a small business size standard for Cable and Other Program Distribution, which is: all such firms having $13.5 million or less in annual receipts. According to Census Bureau data for 2002, there were a total of 1,191 firms in this category that operated for the entire year. Of this total, 1,087 firms had annual receipts of under $10 million, and 43 firms had receipts of $10 million or more but less than $25 million. Thus, under this size standard, the majority of firms can be considered small.

    104. Cable Companies and Systems. The Commission has also developed its Start Printed Page 38107own small business size standards, for the purpose of cable rate regulation. Under the Commission's rules, a “small cable company” is one serving 400,000 or fewer subscribers, nationwide. Industry data indicate that, of 1,076 cable operators nationwide, all but eleven are small under this size standard. In addition, under the Commission's rules, a “small system” is a cable system serving 15,000 or fewer subscribers. Industry data indicate that, of 7,208 systems nationwide, 6,139 systems have under 10,000 subscribers, and an additional 379 systems have 10,000-19,999 subscribers. Thus, under this second size standard, most cable systems are small.

    105. Cable System Operators. The Communications Act of 1934, as amended, also contains a size standard for small cable system operators, which is “a cable operator that, directly or through an affiliate, serves in the aggregate fewer than 1 percent of all subscribers in the United States and is not affiliated with any entity or entities whose gross annual revenues in the aggregate exceed $250,000,000.” The Commission has determined that an operator serving fewer than 677,000 subscribers shall be deemed a small operator, if its annual revenues, when combined with the total annual revenues of all its affiliates, do not exceed $250 million in the aggregate. Industry data indicate that, of 1,076 cable operators nationwide, all but ten are small under this size standard. We note that the Commission neither requests nor collects information on whether cable system operators are affiliated with entities whose gross annual revenues exceed $250 million, and therefore we are unable to estimate more accurately the number of cable system operators that would qualify as small under the size standard contained in the Communications Act of 1934.

    106. Open Video Services. Open Video Service (OVS) systems provide subscription services. The SBA has created a small business size standard for Cable and Other Program Distribution. This standard provides that a small entity is one with $12.5 million or less in annual receipts. The Commission has certified a large number of OVS operators, and some of these are currently providing service. Affiliates of Residential Communications Network, Inc. (RCN) received approval to operate OVS systems in New York City, Boston, Washington, D.C., and other areas. RCN has sufficient revenues to assure that it does not qualify as a small business entity. Little financial information is available for the other entities that are authorized to provide OVS. Given this fact, the Commission concludes that those entities might qualify as small businesses, and therefore may be affected by the rules and policies adopted herein.

    3. Internet and Other Information Service Providers

    107. Internet Service Providers. The SBA has developed a small business size standard for Internet Service Providers (ISPs). ISPs “provide clients access to the Internet and generally provide related services such as web hosting, web page designing, and hardware or software consulting related to Internet connectivity.” Under the SBA size standard, such a business is small if it has average annual receipts of $23 million or less. According to Census Bureau data for 2002, there were 2,529 firms in this category that operated for the entire year. Of these, 2,437 firms had annual receipts of under $10 million, and 47 firms had receipts of $10 million or more but less then $25 million. Consequently, we estimate that the majority of these firms are small entities that may be affected by our action.

    108. All Other Information Services. “This industry comprises establishments primarily engaged in providing other information services (except new syndicates and libraries and archives).” Our action pertains to VoIP services, which could be provided by entities that provide other services such as e-mail, online gaming, web browsing, video conferencing, instant messaging, and other, similar IP-enabled services. The SBA has developed a small business size standard for this category; that size standard is $6.5 million or less in average annual receipts. According to Census Bureau data for 1997, there were 195 firms in this category that operated for the entire year. Of these, 172 had annual receipts of under $5 million, and an additional nine firms had receipts of between $5 million and $9,999,999. Consequently, we estimate that the majority of these firms are small entities that may be affected by our action.

    D. Description of Projected Reporting, Recordkeeping and Other Compliance Requirements

    109. The Second R&O requires that facilities-based broadband Internet access providers and providers of interconnected VoIP submit monitoring reports to the Commission to ensure their CALEA compliance by the May 14, 2007 deadline established by the First R&O. The Second R&O also requires that, within 90 days of its effective date, facilities-based broadband Internet access providers and providers of interconnected VoIP who were newly-identified in the First R&O as subject to CALEA submit system security statements to the Commission. Additionally, the Second R&O requires that each carrier that has a CALEA section 107(c) petition on file with the Commission submit to us a letter documenting that the carrier's equipment, facility, or service qualifies for section 107(c) relief under the October 25, 1998 cutoff for such relief. The Second R&O contains new information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13. They will be submitted to OMB for review under Section 3507(d) of the PRA. OMB, the general public, and other Federal agencies are invited to comment on the new or modified information collection requirements contained in this proceeding.

    E. Steps Taken To Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered

    110. The RFA requires an agency to describe any significant alternatives that it has considered in reaching its proposed approach, which may include (among others) the following four alternatives: (1) The establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or any part thereof, for small entities.

    111. The need for the regulations adopted herein is mandated by Federal legislation. In the Second R&O, we find that, under the express terms of the CALEA statute, all carriers subject to CALEA are obliged to become CALEA-compliant without exception. However, in the previously-issued Further Notice of Proposed Rulemaking in this proceeding (a companion document to the First R&O), we are considering two alternatives: (1) Exempting from CALEA certain classes or categories of facilities-based broadband Internet access providers—notably small and rural providers and providers of broadband networks for educational and research institutions, and (2) requiring something less than full CALEA compliance for certain classes or categories of providers, including smaller providers.

    112. In the Second R&O, we find that, within 90 days of the effective date of the Second R&O, facilities-based Start Printed Page 38108broadband Internet access providers and providers of interconnected VoIP who were newly-identified in the First R&O as subject to CALEA must submit system security statements to the Commission. Ensuring that any interception of a carrier's communications or access to call-identifying information can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an employee of the carrier acting in accordance with regulations prescribed by the Commission is required by section 105 of CALEA and section 229(b) of the Communications Act. Further, system security compliance within 90 days is specified for telecommunications carriers in section 64.2105 of the Commission's rules. While we considered the alternative of modifying this 90-day compliance period for facilities-based broadband Internet access providers and providers of interconnected VoIP who were newly-identified in the First R&O as subject to CALEA, we concluded that would result in disparate treatment of these newly-identified providers.

    113. In the Second R&O, we also find that sections 107(c) and 109(b) of CALEA provide only limited and temporary relief from compliance requirements, and that they are complementary provisions that serve different purposes, which are, respectively: (1) Extension of the CALEA section 103 compliance deadline; and, (2) recovery of CALEA-imposed costs. We considered the alternative of a less stringent interpretation of these two sections, but concluded that, in designing them, Congress carefully balanced a reasonable compliance period against a firm deadline. Accordingly, we conclude that the statutory language does not permit us to adopt a less stringent interpretation. However, we note that section 109(b) lists 11 criteria for determining whether CALEA compliance is “reasonably achievable” by a particular telecommunications carrier, and one of these criteria is “[t]he financial resources of the telecommunications carrier.” Accordingly, small carriers may petition for relief under this CALEA section, thus possibly mitigating, in some cases, the economic burden of compliance with rules adopted herein.

    114. In the Second R&O, we also find that, in addition to the enforcement remedies through the courts available to LEAs under CALEA section 108, we may take separate enforcement action under section 229(a) of the Communications Act against carriers that fail to comply with the CALEA statute. We considered an alternative, recommended by some commenters, that authority to enforce CALEA lies exclusively with the courts, but we conclude that we have the authority to prescribe CALEA rules and investigate the compliance of those carriers and providers subject to such rules. We also conclude that there should be no disparate treatment of small entities with regard to CALEA enforcement because this would be inconsistent with the statute.

    115. Finally, in the Second R&O, we find that carriers must generally pay for CALEA development and implementation costs incurred after January 1, 1995, but we acknowledge that they may recover costs from other sources, such as from their subscribers. Some commenters argue that carriers with small subscriber bases are less able to bear the costs of CALEA implementation; however, to the extent CALEA costs prohibit these carriers from reasonably achieving CALEA compliance, we again note that CALEA section 109(b) provides a remedy. The carriers can seek a determination from the Commission that CALEA compliance is not reasonably achievable, and, upon such a determination, the Attorney General may agree to pay the costs of compliance for these carriers, or the carriers will be deemed to be in compliance. We believe our approach represents a reasonable accommodation for small carriers.

    F. Report to Congress

    116. The Commission will send a copy of the Second R&O and MO&O, including this FRFA, in a report to be sent to Congress and the Government Accountability Office pursuant to the Congressional Review Act. In addition, the Commission will send a copy of the Second R&O and MO&O and FRFA to the Chief Counsel for Advocacy of the SBA.

    Ordering Clauses

    117. Pursuant to sections 1, 4(i), 7(a), 229, 301, 303, 332, and 410 of the Communications Act of 1934, as amended, and section 102 of the Communications Assistance for Law Enforcement Act, 18 U.S.C. 1001, the Second Report and Order and Memorandum Opinion and Order in ET Docket No. 04-295 is adopted.

    118. Parts 1, 22, 24, and 64 of the Commission's rules, 47 CFR parts 1, 22, 24, and 64, are amended as set forth below. The requirements of the Second Report and Order shall become effective August 4, 2006. The Second Report and Order contains information collection requirements subject to the Paperwork Reduction Act of 1995 (PRA), Public Law 104-13, that are not effective until approved by the Office of Management and Budget. The Federal Communications Commission will publish a document in the Federal Register announcing the effective date of those rules.

    119. The “Petition for Reconsideration and for Clarification of the CALEA Applicability Order” filed by the United States Telecom Association is granted to the extent indicated herein and is denied in all other respects.

    120. The Commission's Consumer and Governmental Affairs Bureau, Reference Information Center, shall send a copy of the Second Report and Order and Memorandum Opinion and Order, including the Final Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration.

    Start List of Subjects

    List of Subjects

    47 CFR Part 1

    • Communications common carriers
    • Reporting and recordkeeping requirements
    • Telecommunications

    47 CFR Part 22

    • Communications common carriers

    47 CFR Part 24

    • Communications common carriers
    • Personal communications services
    • Telecommunications

    47 CFR Part 64

    • Communications common carriers
    • Telecommunications
    • Telephone
    End List of Subjects Start Signature

    Federal Communications Commission.

    Marlene H. Dortch,

    Secretary.

    End Signature

    Rule Changes

    Start Amendment Part

    For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR parts 1, 22, 24, and 64 as follows:

    End Amendment Part Start Part

    PART 1—PRACTICE AND PROCEDURE

    End Part Start Amendment Part

    1. The authority citation for part 1 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 15 U.S.C. 79 et seq.; 47 U.S.C. 151, 154(i), 154(j), 155, 157, 225, and 303(r).

    End Authority Start Amendment Part

    2. Subpart Z is added to read as follows:

    End Amendment Part

    Subpart Z—Communications Assistance for Law Enforcement Act

    1.20000 1.20001 1.20002 1.20003 1.20004 1.20005 1.20006 1.20007 1.20008

    Subpart Z—Communications Assistance for Law Enforcement Act

    Purpose.

    Pursuant to the Communications Assistance for Law Enforcement Act (CALEA), Public Law 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules that require a telecommunications carrier to:

    (a) Ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with appropriate legal authorization, appropriate carrier authorization, and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission; and

    (b) Implement the assistance capability requirements of CALEA section 103, 47 U.S.C. 1002, to ensure law enforcement access to authorized wire and electronic communications or call-identifying information.

    Scope.

    The definitions included in 47 CFR 1.20002 shall be used solely for the purpose of implementing CALEA requirements.

    Definitions.

    For purposes of this subpart:

    (a) Appropriate legal authorization. The term appropriate legal authorization means:

    (1) A court order signed by a judge or magistrate authorizing or approving interception of wire or electronic communications; or

    (2) Other authorization, pursuant to 18 U.S.C. 2518(7), or any other relevant federal or state statute.

    (b) Appropriate carrier authorization. The term appropriate carrier authorization means the policies and procedures adopted by telecommunications carriers to supervise and control officers and employees authorized to assist law enforcement in conducting any interception of communications or access to call-identifying information.

    (c) Appropriate authorization. The term appropriate authorization means both appropriate legal authorization and appropriate carrier authorization.

    (d) LEA. The term LEA means law enforcement agency; e.g., the Federal Bureau of Investigation or a local police department.

    (e) Telecommunications carrier. The term telecommunications carrier includes:

    (1) A person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire;

    (2) A person or entity engaged in providing commercial mobile service (as defined in sec. 332(d) of the Communications Act of 1934 (47 U.S.C. 332(d))); or

    (3) A person or entity that the Commission has found is engaged in providing wire or electronic communication switching or transmission service such that the service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of CALEA.

    Policies and procedures for employee supervision and control.

    A telecommunications carrier shall:

    (a) Appoint a senior officer or employee responsible for ensuring that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier.

    (b) Establish policies and procedures to implement paragraph (a) of this section, to include:

    (1) A statement that carrier personnel must receive appropriate legal authorization and appropriate carrier authorization before enabling law enforcement officials and carrier personnel to implement the interception of communications or access to call-identifying information;

    (2) An interpretation of the phrase “appropriate authorization” that encompasses the definitions of appropriate legal authorization and appropriate carrier authorization, as used in paragraph (b)(1) of this section;

    (3) A detailed description of how long it will maintain its records of each interception of communications or access to call-identifying information pursuant to § 1.20004;

    (4) In a separate appendix to the policies and procedures document:

    (i) The name and a description of the job function of the senior officer or employee appointed pursuant to paragraph (a) of this section; and

    (ii) Information necessary for law enforcement agencies to contact the senior officer or employee appointed pursuant to paragraph (a) of this section or other CALEA points of contact on a seven days a week, 24 hours a day basis.

    (c) Report to the affected law enforcement agencies, within a reasonable time upon discovery:

    (1) Any act of compromise of a lawful interception of communications or access to call-identifying information to unauthorized persons or entities; and

    (2) Any act of unlawful electronic surveillance that occurred on its premises.

    Maintaining secure and accurate records.

    (a) A telecommunications carrier shall maintain a secure and accurate record of each interception of communications or access to call-identifying information, made with or without appropriate authorization, in the form of single certification.

    (1) This certification must include, at a minimum, the following information:

    (i) The telephone number(s) and/or circuit identification numbers involved;

    (ii) The start date and time that the carrier enables the interception of communications or access to call identifying information;

    (iii) The identity of the law enforcement officer presenting the authorization;

    (iv) The name of the person signing the appropriate legal authorization;

    (v) The type of interception of communications or access to call-identifying information (e.g., pen register, trap and trace, Title III, FISA); and

    (vi) The name of the telecommunications carriers' personnel who is responsible for overseeing the interception of communication or access to call-identifying information and who is acting in accordance with the carriers' policies established under § 1.20003.

    (2) This certification must be signed by the individual who is responsible for overseeing the interception of communications or access to call-identifying information and who is acting in accordance with the telecommunications carrier's policies established under § 1.20003. This individual will, by his/her signature, certify that the record is complete and accurate.

    (3) This certification must be compiled either contemporaneously with, or within a reasonable period of Start Printed Page 38110time after the initiation of the interception of the communications or access to call-identifying information.

    (4) A telecommunications carrier may satisfy the obligations of paragraph (a) of this section by requiring the individual who is responsible for overseeing the interception of communication or access to call-identifying information and who is acting in accordance with the carriers' policies established under § 1.20003 to sign the certification and append the appropriate legal authorization and any extensions that have been granted. This form of certification must at a minimum include all of the information listed in paragraph (a) of this section.

    (b) A telecommunications carrier shall maintain the secure and accurate records set forth in paragraph (a) of this section for a reasonable period of time as determined by the carrier.

    (c) It is the telecommunications carrier's responsibility to ensure its records are complete and accurate.

    (d) Violation of this rule is subject to the penalties of § 1.20008.

    Submission of policies and procedures and Commission review.

    (a) Each telecommunications carrier shall file with the Commission the policies and procedures it uses to comply with the requirements of this subchapter. These policies and procedures shall be filed with the Federal Communications Commission within 90 days of the effective date of these rules, and thereafter, within 90 days of a carrier's merger or divestiture or a carrier's amendment of its existing policies and procedures.

    (b) The Commission shall review each telecommunications carrier's policies and procedures to determine whether they comply with the requirements of §§ 1.20003 and 1.20004.

    (1) If, upon review, the Commission determines that a telecommunications carrier's policies and procedures do not comply with the requirements established under §§ 1.20003 and 1.20004, the telecommunications carrier shall modify its policies and procedures in accordance with an order released by the Commission.

    (2) The Commission shall review and order modification of a telecommunications carrier's policies and procedures as may be necessary to insure compliance by telecommunications carriers with the requirements of the regulations prescribed under §§ 1.20003 and 1.20004.

    Assistance capability requirements.

    (a) Telecommunications carriers shall provide to a Law Enforcement Agency the assistance capability requirements of CALEA regarding wire and electronic communications and call-identifying information, see 47 U.S.C. 1002. A carrier may satisfy these requirements by complying with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, such as J-STD-025 (current version), or by the Commission.

    (b) Telecommunications carriers shall consult, as necessary, in a timely fashion with manufacturers of its telecommunications transmission and switching equipment and its providers of telecommunications support services for the purpose of ensuring that current and planned equipment, facilities, and services comply with the assistance capability requirements of 47 U.S.C. 1002.

    (c) A manufacturer of telecommunications transmission or switching equipment and a provider of telecommunications support service shall, on a reasonably timely basis and at a reasonable charge, make available to the telecommunications carriers using its equipment, facilities, or services such features or modifications as are necessary to permit such carriers to comply with the assistance capability requirements of 47 U.S.C. 1002.

    Additional assistance capability requirements for wireline, cellular, and PCS telecommunications carriers.

    (a) Definition—(1) Call-identifying information. Call identifying information means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier. Call-identifying information is “reasonably available” to a carrier if it is present at an intercept access point and can be made available without the carrier being unduly burdened with network modifications.

    (2) Collection function. The location where lawfully authorized intercepted communications and call-identifying information is collected by a law enforcement agency (LEA).

    (3) Content of subject-initiated conference calls. Capability that permits a LEA to monitor the content of conversations by all parties connected via a conference call when the facilities under surveillance maintain a circuit connection to the call.

    (4) Destination. A party or place to which a call is being made (e.g., the called party).

    (5) Dialed digit extraction. Capability that permits a LEA to receive on the call data channel a digits dialed by a subject after a call is connected to another carrier's service for processing and routing.

    (6) Direction. A party or place to which a call is re-directed or the party or place from which it came, either incoming or outgoing (e.g., a redirected-to party or redirected-from party).

    (7) IAP. Intercept access point is a point within a carrier's system where some of the communications or call-identifying information of an intercept subject's equipment, facilities, and services are accessed.

    (8) In-band and out-of-band signaling. Capability that permits a LEA to be informed when a network message that provides call identifying information (e.g., ringing, busy, call waiting signal, message light) is generated or sent by the IAP switch to a subject using the facilities under surveillance. Excludes signals generated by customer premises equipment when no network signal is generated.

    (9) J-STD-025. The standard, including the latest version, developed by the Telecommunications Industry Association (TIA) and the Alliance for Telecommunications Industry Solutions (ATIS) for wireline, cellular, and broadband PCS carriers. This standard defines services and features to support lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information to a LEA. Subsequently, TIA and ATIS published J-STD-025-A and J-STD-025-B.

    (10) Origin. A party initiating a call (e.g., a calling party), or a place from which a call is initiated.

    (11) Party hold, join, drop on conference calls. Capability that permits a LEA to identify the parties to a conference call conversation at all times.

    (12) Subject-initiated dialing and signaling information. Capability that permits a LEA to be informed when a subject using the facilities under surveillance uses services that provide call identifying information, such as call forwarding, call waiting, call hold, and three-way calling. Excludes signals generated by customer premises equipment when no network signal is generated.

    (13) Termination. A party or place at the end of a communication path (e.g. the called or call-receiving party, or the switch of a party that has placed another party on hold).

    (14) Timing information. Capability that permits a LEA to associate call-Start Printed Page 38111identifying information with the content of a call. A call-identifying message must be sent from the carrier's IAP to the LEA's Collection Function within eight seconds of receipt of that message by the IAP at least 95% of the time, and with the call event time-stamped to an accuracy of at least 200 milliseconds.

    (b) In addition to the requirements in § 1.20006, wireline, cellular, and PCS telecommunications carriers shall provide to a LEA the assistance capability requirements regarding wire and electronic communications and call identifying information covered by J-STD-025 (current version), and, subject to the definitions in this section, may satisfy these requirements by complying with J-STD-025 (current version), or by another means of their own choosing. These carriers also shall provide to a LEA the following capabilities:

    (1) Content of subject-initiated conference calls;

    (2) Party hold, join, drop on conference calls;

    (3) Subject-initiated dialing and signaling information;

    (4) In-band and out-of-band signaling;

    (5) Timing information;

    (6) Dialed digit extraction, with a toggle feature that can activate/deactivate this capability.

    Penalties.

    In the event of a telecommunications carrier's violation of this subchapter, the Commission shall enforce the penalties articulated in 47 U.S.C. 503(b) of the Communications Act of 1934 and 47 CFR 1.80.

    Start Part

    PART 22—PUBLIC MOBILE SERVICES

    End Part Start Amendment Part

    3. The authority citation for part 22 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 47 U.S.C. 154, 222, 303, 309, and 332.

    End Authority

    Subpart J—[Removed]

    Start Amendment Part

    4. Remove subpart J, consisting of §§ 22.1100 through 22.1103.

    End Amendment Part Start Part

    PART 24—PERSONAL COMMUNICATIONS SERVICES

    End Part Start Amendment Part

    5. The authority citation for part 24 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 47 U.S.C. 154, 301, 302, 303, 309, and 332.

    End Authority

    Subpart J—[Removed]

    Start Amendment Part

    6. Remove subpart J, consisting of §§ 24.900 through 24.903.

    End Amendment Part Start Part

    PART 64—MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

    End Part Start Amendment Part

    7. The authority citation for part 64 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 47 U.S.C. 154, 254(k); secs. 403(b)(2)(B), (c), Pub. L. 104-104, 110 Stat. 56. Interpret or apply 47 U.S.C. 201, 218, 222, 225, 226, 228, and 254(k) unless otherwise noted.

    End Authority

    Subpart V—[Removed and Reserved]

    Start Amendment Part

    8. Remove and reserve subpart V, consisting of §§ 64.2100 through 64.2106.

    End Amendment Part

    Subpart W—[Removed and Reserved]

    Start Amendment Part

    9. Remove and reserve subpart W, consisting of §§ 64.2200 through 64.2203.

    End Amendment Part End Supplemental Information

    [FR Doc. 06-5954 Filed 7-3-06; 8:45 am]

    BILLING CODE 6712-01-P

Document Information

Effective Date:
8/4/2006
Published:
07/05/2006
Department:
Federal Communications Commission
Entry Type:
Rule
Action:
Final rule.
Document Number:
06-5954
Dates:
Effective August 4, 2006, except for Sec. Sec. 1.20004 and 1.20005, which contain information collection requirements that have not been approved by the Office of Management and Budget. The Federal Communications Commission will publish a document in the Federal Register announcing the effective date of these sections.
Pages:
38091-38111 (21 pages)
Docket Numbers:
ET Docket No. 04-295, RM-10865, FCC 06-56
Topics:
Communications common carriers, Reporting and recordkeeping requirements, Telecommunications, Telephone
PDF File:
06-5954.pdf
CFR: (9)
47 CFR 1.20000
47 CFR 1.20001
47 CFR 1.20002
47 CFR 1.20003
47 CFR 1.20004
More ...