|
|
Before the
FCC Washington, D.C. 20554 In the Matter of Communications Assistance for Law Enforcement Act: Extension of October 1998 Compliance Date April 2, 1998 |
|
|
In the Matter of ) ) Communications Assistance ) CC Docket No. 97-213 For Law Enforcement Act: ) Extension of October 1998 ) Compliance Date )
INTRODUCTION
The Commission has now received multiple requests from public interest organizations, various industry associations, and individual telecommunications carriers and equipment manufacturers, all urging an extension of the October 1998 CALEA compliance date. The reason for this broad support for extending the compliance date is simple - there is no agreement on what CALEA requires. And until the Commission decides what compliance with the Act means, it is unreasonable to expect manufacturers to begin seriously developing the requisite solutions for CALEA compliance and impossible for carriers to integrate into their networks CALEA-compliant equipment that is non-existent.
What has become clear is that the Federal Bureau of Investigation's ("FBI") approach to CALEA would effectively rewrite the legislation in ways that would abrogate the balanced policy that is reflected in the Act and its legislative history. While Congress intended that CALEA would preserve a narrowly focused law enforcement surveillance capability in the face of technological change, it did not intend the result that the FBI demands - the expansion of law enforcement surveillance capabilities, and the forced integration of specific enhanced surveillance features into the nation's telecommunications infrastructure. This overreaching has thrown the Act's implementation into a state of chaos, to the point of raising serious questions about CALEA's continued viability.
Through the FBI's unrelenting pressure on the industry standards-setting process, provisions were included in the interim standard that go well beyond what the Act requires in ways that seriously infringe constitutionally protected privacy interests. Notably, the interim standard mandates a location tracking capability for wireless phones when Congress clearly intended to exclude location information from the Act's requirements. At the same time, the interim standard, if implemented, would allow the government to acquire, in packet-switched environments, all of a person's communications, in situations where the particular legal process obtained by a law enforcement agency authorizes access to addressing or dialing information only. In addition, the FBI has objected to the interim standard insisting on the inclusion of even more surveillance features -- the FBI's so-called "punch list," which goes still further beyond the Act.
Placed squarely before the Commission is what to do in the face of the resulting deadlock in CALEA's implementation. As the Commission has recognized, there are two overarching issues in this debate. The first, which is the subject of these comments, is what to do about the looming October 1998 compliance date. Clearly, as everyone who has addressed this issue has recognized, the October deadline cannot stand. There is simply no way that industry can make its networks CALEA-compliant in five short months given the controversy over the meaning of the Act itself and the long lead time necessary for implementation. Once the Commission concludes that the October 1998 compliance date must be extended, the Commission must then decide how much additional time the industry should be given to comply with the Act's requirements. In these comments, CDT suggests an approach that the Commission should use in addressing these issues.
The second broad question, which will be the subject of the May 20 comments, is the substance of CALEA itself. On May 20, CDT will address the wireless location and packet-switching elements of the interim standard, as well as the items of concern contained in the FBI's punch list. The Commission, however, should not limit its review of CALEA's implementation
to the two items put in dispute by CDT and the nine or so items raised by the FBI's punch list. Instead, the Commission should start from the fact that there are relatively few problems that exist at the heart of CALEA.
Among the central concerns of Congress in drafting CALEA were (1) who should control the design of the nation's telecommunications systems and (2) what interests should govern that design. In CALEA, Congress was explicit in providing that the telecommunications industry itself, not law enforcement, was in control of the design, subject to the oversight of this Commission. Congress was also explicit in providing that the interests of law enforcement should not dominate, but rather should be balanced with privacy interests and the interests of industry in competitiveness and innovation. The statute required the preservation of a narrowly focused surveillance capability. The requirements were intended as both a floor and a ceiling. The interim standard departs from these principles in that many of the elements cannot be tied directly to the requirements of Section 103 of CALEA.
If CALEA is ever to be implemented so that law enforcement can obtain the necessary content and dialing information where authorized to do so, the industry and the FBI, now under the watchful eye of the Commission, must confine themselves to a much narrow implementation of the Act. Any other approach will prevent compliance with the Act from ever being "reasonably achievable," for carriers will be continually buried under a blizzard of software coding changes and the Commission will be perpetually confronted with punch lists and deficiency petitions. At a minimum, though, as CDT will show in its May 20 comments, the wireless location and packet-switching standards adopted in the interim standard, and the FBI's punch list, have no place in a CALEA-mandated standard.
DISCUSSION
A. The Commission Should Extend The October 25, 1998 Compliance Date
The immediate reason why an extension of the compliance date is needed is that drafting of the industry standard was seriously delayed and then the resulting interim standard was cast into limbo by the FBI's insistence on the inclusion of its punch list. But as the FBI will argue, without an extension, the absence of a standard does not excuse carriers from compliance with CALEA nor insulate them from potential CALEA enforcement actions.
At present, there is no agreement as to what CALEA requires, and carriers cannot be expected to "comply" with CALEA in the face of such uncertainty. Manufacturers have not built CALEA-compliant equipment because they do not know what a piece of CALEA-compliant equipment must look like. There can be little debate under these circumstances that compliance is impossible by the October 1998 deadline and, thus, the Commission must act to extend the compliance date.
In these circumstances, CALEA provides the Commission with broad authority to extend the compliance date. For example, section 107(c) states that:
The Commission may, . . . grant an extension . . . if the Commission determines that compliance with the assistance capability requirements . . . is not reasonably achievable through application of technology available within the compliance period.
On its face, this provision gives the Commission ample authority to extend the compliance date under the circumstances presently surrounding the Act's implementation.
A further source of Commission authority to extend the compliance date exists under Section 109(b), which CDT has invoked as an interested person authorized by that section to bring a petition before the Commission. This provision also provides the Commission with plenary authority to address precisely the type of situation that exists here:
The Commission, on petition from a telecommunications carrier or any other interested person, . . . shall determine whether compliance with the assistance capability requirements of section 103 is reasonably achievable with respect to any equipment, facility, or service installed or deployed after January 1, 1995.
Under either of these provisions, the Commission has ample authority to order an extension of the CALEA compliance date. The Commission should immediately do so given the complete failure of agreement on just what CALEA requires, and what should be included in and excluded from the industry standard for CALEA compliance.
Upon extending the compliance date, the Commission need not, at this time, specify a new date for compliance, but should await final resolution of the substantive CALEA issues. Without knowing the contours of the Act's requirements, it is hypothetical, premature and unnecessary for the Commission to decide now for how long the CALEA deadline should be extended. On the one hand, the more narrowly the Commission interprets CALEA, the less time it will take to implement. For example, compliance under the scaled-back approach proposed by CDT may take less than 24 months. On the other hand, the more broadly the Commission interprets CALEA, the longer the compliance period will be and the more costly it will be to implement. These factors must be considered under Section 107, but it will be most efficient to consider them after the scope of CALEA's requirements is determined.
B. The Commission Should Undertake A Full Review Of The Scope Of CALEA
Having extended the compliance deadline, the Commission should review the entire interim standard. The interim standard goes too far in redesigning the signaling channel of covered networks. It unnecessarily includes many provisions that are not related to business necessity and that cannot be found in any of the requirements of Section 103 of CALEA. These portions of the standard, whether or not they have a direct impact on privacy, clearly violate the intent of Congress that the capability assistance requirements of CALEA be narrowly construed. They consist of items inserted for the convenience of law enforcement, which carriers included in the hope that they could reach a negotiated settlement with the FBI. Now the inclusion of these items must be reexamined. They represent a designing of the telephone signaling channel for the convenience of law enforcement in a way that Congress never intended and, in fact, in a way that Congress intended to preclude.
The Commission has already begun this process by requesting the comments due on May 20, 1998. In its review, the Commission should consider that compliance with the Act is not reasonably achievable at this time because the FBI and the industry tried to develop a 100 percent comprehensive surveillance interface standard for the handling of intercepted data. It is now clear that CALEA will only be implemented, if it can be implemented at all, with a strict focus on preserving a core surveillance capability, tied directly to the Section 103 requirements rather than attempting to maximize the surveillance potential of digital technology.
If the Commission remands the interim standard to the industry subcommittee, it should direct the subcommittee to focus on the basic features that were originally raised by the FBI in 1994 (call forwarding, speed dialing, call waiting and conference calling) to ensure the implementation of the Act serves its intended purpose. Once a final industry standard is established, either by the Commission or by the industry subcommittee, the Commission should then set an appropriate implementation period pursuant to Section 107 of the Act.
C. Alternatively, The Commission Should Adopt Only The Undisputed Portions Of The Interim Standard As The Act's Safe Harbor
If the Commission concludes that CALEA compliance must begin immediately, before the scope of the Act is decided, the Commission should adopt only the undisputed portions of the interim standard as the Act's safe harbor. In other words, if the Commission concludes that the competing interests at stake would best be served by commencing implementation now, the Commission should not order compliance on the disputed location and packet switching provisions, nor, of course, the FBI's punch list.
If the Commission were to require compliance with any of the disputed items at this time, it would severely prejudice resolution of these issues later. First, telecommunications carriers and manufacturers will be forced to expend enormous amounts of money and engineering resources to build these capabilities into their systems when, in the end, the items may not be required at all, and in fact, may be in violation of CALEA. Second, if the items are not required (and CDT will show that they are not), on top of the resources wasted in implementing these capabilities, telecommunications carriers and manufacturers will be required to expend additional funds to remove the capabilities from their products and services, a bill the government will unlikely be willing to pay.
For these reasons, if the Commission decides to adopt a partial solution pending resolution of the entire proceeding so that CALEA compliance can begin immediately, the standard it adopts should only include the undisputed portions of the industry's interim standard. Any other approach would run the risk of requiring manufacturers and carriers to unravel what they have woven, and prejudice parties such as CDT, who have raised objections to aspects of the interim standard.
CONCLUSION
For the foregoing reasons, CDT respectfully requests that the Commission immediately extend the October 25, 1998 CALEA compliance date, holding in abeyance its decision on a new compliance date pending its determination of the CALEA standard. As part of that process the Commission should undertake a review of the entire interim standard, pursuant to the comments
due on May 20, 1998, to determine what the Act requires. Upon issuance of a final industry standard, the Commission should then set an appropriate implementation period pursuant to the Act. If, however, the Commission is inclined to act now, it should adopt only the uncontested portions of the interim standard (setting the compliance date for these items only). Such an approach is the only alternative course that does not prejudice the parties' legal and economic positions.
Respectfully submitted,
CENTER FOR DEMOCRACY AND TECHNOLOGY
_______________________________________ _____________________________ James X. Dempsey, Senior Staff Counsel Martin L. Stern Daniel J. Weitzner, Deputy Director Lisa A. Leventhal Center for Democracy and Technology Preston Gates Ellis & Rouvelas 1634 Eye Street, N.W., Suite 1100 Meeds LLP Washington, D.C. 20006 1735 New York Avenue, N.W. (202) 637-9899 Suite 500 Washington, D.C. 20006 (202) 628-1700 Attorneys for Center for Democracy and Technology
