I. Introduction

The Communications Assistance for Law Enforcement Act of 1994 (CALEA) requires telecommunications common carriers to ensure that their introduction of new technologies and services does not interfere with the execution of law enforcement wiretaps and other electronic surveillance. The Omnibus Consolidated Appropriations Act for Fiscal Year 1997 (Pub. L. 104-208) established a Telecommunications Carrier Compliance Fund (TCCF) for making payments to telecommunications carriers, equipment manufacturers and providers of telecommunications support services to modify their equipment and services to comply with CALEA.

In response to concerns about implementation of CALEA, the FY 1997 Appropriations Act required the FBI to submit to Congress a CALEA implementation plan before funds could be expended from the TCCF. The Act required that the plan include: 1) an explanation of law enforcement capability requirements; 2) specific surveillance capacity requirements; 3) a prioritized list of equipment, facilities and services to be modified by carriers to comply with CALEA; and 4) a projected reimbursement plan that estimates per year costs.

CALEA Background. The telecommunications industry has always cooperated, and is committed to continuing to cooperate, with lawful and authorized law enforcement electronic surveillance activity. As technology has developed, electronic surveillance has become easier in some respects, and the widespread use of communications technology means that electronic surveillance can collect far more personal information. Every year in recent years, even as new technologies and services have been introduced, the amount of law enforcement surveillance has increased, with industry providing assistance to more wiretaps today than ever before, leading to more successful law enforcement investigations and convictions.

Nonetheless, law enforcement has been concerned that technological developments make law enforcement interception more difficult in some respects. These difficulties are often encompassed by the term "digital telephony," although digital transmission itself is not really the problem. In hearings in 1994, the FBI cited a variety of concerns, some of which existed in analog systems: problems intercepting calls rerouted through call forwarding, or the inability to identify the destination of a call when a customer used a speed dialing feature.

Following hearings and consultation with industry and privacy groups, Congress responded to these technological developments by enacting CALEA (Pub. L. 103-414). CALEA required telephone companies to ensure that new technologies (and some old technologies) did not impede law enforcement interception of communications.

CALEA was intended to preserve the status quo in terms of law enforcement surveillance, without expanding government capabilities. CALEA requires telephone companies to design (and in some cases retrofit) their networks to ensure that law enforcement agencies can carry out electronic surveillance on advanced digital equipment and services. It imposes on telecommunications carriers four minimum functional requirements, pertaining to (1) the interception of call content; (2) the interception of reasonably available call-identifying information; (3) the delivery to law enforcement of intercepted call content and call-identifying information; and (4) the security of intercept operations and the privacy and security of communications not authorized to be intercepted. CALEA requires manufacturers to make available, "on a reasonably timely basis and at a reasonable charge," such features or modifications as are necessary to permit carriers to comply with CALEA capability and capacity requirements.

CALEA was never intended to serve as an FBI surveillance "wish list." Both House and Senate reports on CALEA stressed that the requirements should be narrowly interpreted.

However, law enforcement has attempted to broadly interpret the requirements of CALEA to mandate a nationwide surveillance capability in excess of traditional interception practices. The most notable and most troubling illustration of this is the FBI effort to use CALEA, in contravention of explicit assurances during the legislative drafting process, to require wireless phone companies to have a location tracking capability built into their systems for law enforcement purposes. The FBI is also claiming, for example, that CALEA mandates interception of certain conference calls after the targeted facility has been dropped from the conversation. Additionally, the FBI has argued that CALEA requires the configuration and delivery of a signaling channel that includes detailed message notifications about both the targeted facility and facilities not identified in the surveillance order.

Capability Must Be Determined by Industry Standards, Not FBI Decrees. The CALEA assistance requirements are phrased in general terms. To develop the details for implementation of these requirements, Congress intentionally rejected a delegation of authority to the FBI. Instead, Congress deferred to carriers and equipment manufacturers to interpret the requirements through the industry standards process. Congress expected that this approach would temper law enforcement demands with considerations of cost, competitiveness, innovation, security and privacy. Congress gave to the FCC, not the FBI, the power to judge whether any industry standard was deficient.

Now, the FBI appears to be trying to rewrite the legislative record, trying to assume to itself the authority that Congress rejected. Instead of supporting efforts by industry to implement promptly a narrow set of requirements -- requirements that would preserve the status quo and be largely achievable within currently deployed systems -- the FBI is claiming that CALEA mandates as a national minimum the installation of many advanced and automated capabilities that go far beyond traditional wiretap capabilities. The FBI's repeated demands for "gold plated" capabilities that far exceed CALEA requirements has significantly retarded development of an industry standard and delayed compliance.

II. Capability Information

A. The FBI's Wish List Is Not Mandated by CALEA

In April 1996, the FBI began to circulate the Electronic Surveillance Interface Document (ESI), describing the delivery format the FBI wanted carriers to use in delivering intercepted communications to law enforcement. In addition, the ESI described the features, capabilities, and types of information that law enforcement would like to receive as part of an interception. These included location information, feature status messages, and service status messages.

However, the ESI should not be viewed as an embodiment of CALEA requirements or as a "safe harbor" for compliance as stated by the FBI. Nothing in CALEA or in the legislative history suggests that Congress intended to mandate the type of design-specific, intrusive, and potentially expensive capabilities that are described in the ESI. Congress stressed that the CALEA requirements were to be narrowly interpreted, and were intended to preserve the status quo. A number of elements of the ESI represent proposed enhancements of surveillance capability. Law enforcement can take advantage of these enhancements if they arise in the course of service development, but CALEA does not mandate that they be made available universally.

The implementation plan is misleading, therefore, in treating the ESI as an embodiment of CALEA's assistance capability requirements. It is not. The ESI contains several features that exceed CALEA requirements. These features were rejected by the industry standards groups for inclusion in the standard intended to implement CALEA. The rejected features also would violate customer privacy and present immense technical problems for carriers.

B. Congress Intended to Allow Industry to Set Standards

Section 107 of CALEA specifically authorizes industry, not law enforcement, to develop compliance standards.

When the ESI was first circulated, it was described by the FBI as a "safe harbor" standard, compliance with which would satisfy CALEA. After widespread criticism of this as a usurpation of industry's explicit role under Section 107 of CALEA, the FBI recharacterized the ESI as merely a contribution to the industry standards process, which was then well underway. In the implementation plan, the ESI is once again treated by the FBI as a de facto safe harbor standard.

The FBI, as the implementation plan indicates, has had extensive input into the standards setting process (190 meetings with industry to express law enforcement's views). The FBI's approach to implementation has gone well beyond the consultative role contemplated by CALEA for law enforcement, and in part explains why it has been so difficult to develop standards. Even when viewed as law enforcement's contribution to the industry standards process, the ESI was disruptive. For months while the ESI was in preparation, law enforcement simply took no position or deferred comment on standards issues. When the ESI was delivered, it had little relationship to the standard document under discussion by the industry group. The ESI was not intended to be integrated into the standard nor to address existing standard elements; rather, it was intended to be a take it or leave it alternative. The standards body nonetheless took up the ESI, preparing side by side comparisons with the draft standards document in an effort to accommodate as much of the government's requirements as possible. All of this effort caused significant delay in completing the standard.

Now that the standards process has produced a proposed standard, it is contrary to the intent of CALEA for the FBI to continue its insistence that the standard is deficient because it did not incorporate all of the FBI's recommendations. The nature of the standards process is that no party has all of its contributions accepted. In this case, while industry was respectful of what law enforcement wanted, it was bound by what CALEA mandated, and many of the FBI's proposals went beyond CALEA.

Sections 103 and 107 of CALEA allow for multiple industry or even individual carrier technical solutions to implement law enforcement requirements. The FBI is expressly prohibited (Section 103) from dictating or requiring system design features. The FBI's insistence on the ESI as essentially the only acceptable means for compliance, as well as its attempt to draw industry into "cooperative agreements" to implement the ESI, represent exactly what the FBI is prohibited from accomplishing under CALEA--the dictating of specific designs and systems configurations. It has led to the delays in implementing the law.

In addition to going beyond CALEA, the ESI cannot substitute for an industry standard because (1) it is not "adopted by an industry association or standard-setting organization," and (2) it is not "publicly available." (The ESI is marked "U.S. GOVERNMENT RESTRICTED - FOR OFFICIAL USE ONLY.") Unlike an industry standard, the ESI cannot be challenged under CALEA by privacy groups, industry or any other person. It is not subject to the public accountability that Congress deemed essential to CALEA compliance.

FBI Claim: The FBI states that the Electronic Surveillance Interface (ESI) "would satisfy law enforcement's prospective electronic surveillance needs and would constitute an acceptable means of achieving compliance with the delivery capability requirements under Section 103 of CALEA." (Page 13.)

• The ESI is not "acceptable" to industry. In any event, this claim is irrelevant. The ESI represents only the view of law enforcement. CALEA does not give the FBI the power to create an alternative standard for compliance, nor does it allow the FBI to use CALEA to obtain expanded capabilities.

C. Industry Has Acted Expeditiously to Develop a CALEA Standard

Industry has proceeded expeditiously and in good faith to develop a standard for CALEA compliance. The standards process was begun in the Spring of 1995. By October 1995, the proposed standard, known as PN-3580, was 170 pages in length. The FBI began limited circulation of the ESI in April 1996, and did not "issue" it until June 24, 1996, almost 15 months after the industry process was begun.

The drafting of the proposed industry standard is finished, and the proposal, now officially referred to as SP (Standards Proposal)-3580, is currently undergoing a "balloting" process, through May 12, under the auspices of the Telecommunications Industry Association. It is also undergoing Public Review at the American National Standards Institute through June 24, 1997.

The proposed industry standard is attached.

D. FBI Attacks on the Proposed Industry Standard are Unjustified and are Delaying CALEA Implementation

The proposed standard has many of the same features as the ESI. However, it does not include some features that the FBI recommended, because such capabilities had no basis in CALEA.

FBI Claim: The FBI argues that the proposed industry standard SP-3580 is deficient for not including certain functionality proposed in the ESI. The implication is that the FBI may challenge the standard as deficient unless the ESI is accepted.

• In fact, the ESI was prepared by the FBI after the industry standard was well along in the drafting process. The ESI actually was based on the draft industry standard. The FBI fails to admit that there is substantial overlap between the ESI and the proposed standard.

• Even though the ESI was put forth by the FBI after the industry standards process was well underway, industry carefully vetted the ESI in the standards process. Although it took considerable time for industry to sort through the ESI, some of the features and delivery preferences that made sense were incorporated in the industry standard. Overall, though, the consensus of the engineering community was that the ESI was technically unrealistic. For example, the ESI defined "expeditious" as within 500 milliseconds (half a second) when companies cannot even guarantee they can route ordinary calls in that time. This is one example of how the ESI elevates surveillance over ordinary call processing.

• The FBI is unjustified in claiming that the standard is deficient as falling short of the ESI, since the items in the ESI that were not included in the standard are not mandated by CALEA.

FBI Claim: The FBI suggests that the ESI has wide-spread support.

• The FBI plan makes no mention of the extensive criticism of the ESI from the industry. Companies had significant concerns with the scope and direction of the ESI requirements as producing an expansion of the government's electronic surveillance capability beyond that authorized by CALEA. The FBI's assessment of the ESI completely ignores significant controversy and delay the document caused within the standards setting process. The FBI never acknowledges that much of the ESI imposes detailed and technology specific delivery methods that go well beyond that required by CALEA and are not appropriate for a CALEA standard. It took industry many months to sort through the ESI and remove those requirements that merely represented the FBI's delivery preferences.

FBI Claim: The FBI complains that the SP-3580 standards document is "open ended" and lacks "technical specificity" as compared to the ESI.

• A glance at the attached proposed industry standard will serve to refute this argument. Nonetheless, it is common practice for a standards document to be somewhat general in nature, allowing the thousands of carriers in the U.S. a multiplicity of options to provide a certain functionality. Companies can then provide the specificity to their manufacturers that is appropriate for their network(s), thus avoiding the situation where a narrowly focused standard would place an undue burden on small companies or new entrants in the market. 1

• Congress intended the industry to develop a standard, not a specification. The distinction is critical. A standard allows for innovation and different means to achieve the same object. A specification dictates the solution in a one-size-fits-all manner. The industry standard will allow carriers and manufacturers to build compliant equipment for the future. The ESI would freeze innovation.

• Section 103(b) of CALEA forbids law enforcement from requiring any carrier to adopt any specific design of equipment, facilities, services, features or systems. CALEA was intended to give carriers flexibility in meeting surveillance requirements so as not to impede development of new technology. A highly detailed "one size fits all" standard would result in dictated design solutions that impede technological development.

FBI Claim: The Implementation Plan states that the industry developed standard, SP-3580, "does not include all of the functionality required to satisfy evidentiary needs dictated by law and the courts." p. 11

• The FBI does not specify what "evidentiary needs" are not satisfied by the industry standard. We believe there are none. The industry standard requires the delivery with call content of a call-identifying channel that allows the content to be linked to a particular subscriber. The FBI has hypothetically suggested that a clever defense lawyer may challenge the linking of an intercepted communication with a particular person. Nothing can prevent a defense lawyer from raising such an argument. But the courts have always been very willing to admit electronic surveillance evidence. Indeed, SP-3580 would provide more information, in a format more suitable to law enforcement, than traditional wiretaps. The Justice Department itself has emphasized, in other submissions to Congress, that wiretap evidence is rarely excluded. If there are any specific provisions of law and court decisions that the FBI is referring to, it should disclose them and explain how it believes information delivered by carriers under the proposed standard would not meet evidentiary standards. It is our understanding that there are no laws and no court decisions that would exclude interception evidence that is collected as contemplated in SP-3580. To the extent that the FBI is referring to its desire that telephone systems be designed to capture even more information on more people, this is merely another version of the FBI's complaint that the proposed industry standard rejected its requests to use CALEA to expand surveillance capabilities in contravention of Congressional intent.
  

III. Capacity Information

Under CALEA, telecommunications carriers are required to install, upon government request and at government expense, sufficient capacity to accommodate multiple simultaneous law enforcement intercepts. On January 14, 1997, the FBI released its Second Capacity Notice. (The first Capacity Notice, issued in October 1995, was roundly criticized and was withdrawn. It took over a year for the FBI to issue a new notice.) The Second Notice sets forth projected numbers of wireline and wireless surveillances, based on an analysis of a historical baseline of electronic surveillance activity.

The implementation plan fails to mention that the Second Notice, like the first, has been subject to widespread criticism by both industry and privacy groups. It also fails to mention that while CALEA envisioned final notice of capacity requirements within one year following enactment, with industry compliance three years after that, the final notice is not yet available. This fact further demonstrates the level of complexity and the resulting delay inherent in CALEA implementation.

• The Second Notice uses a method of measuring historical "simultaneous" surveillance activity that grossly exaggerates peaks of surveillance activity. (See Comments in response to the FBI's Second Notice of Capacity Requirements, filed by CTIA, USTA, PCIA, CDT and the Telecommunications Industry Association, attached.)

• The Second Notice fails to provide actual numbers by type of surveillance, even though CALEA requires a distinction between interceptions of call content and interceptions of call-identifying information through pen registers or trap and trace devices. The Second Notice lumps together call content intercepts with interceptions of call-identifying information through pen register and trap and traces, even though the latter account for 90% of surveillance activity. The distinction is important because call content capacity is more intrusive (and may be more expensive) than call-identifying capacity. Congress wanted companies to use technology that limited the amount of information provided to law enforcement under pen register and trap and trace authority. The Second Notice ignores that intent and the implementation plan does not acknowledge the controversy.

• The Second Notice is ambiguous. It can be read to require each and every carrier serving a particular area to install capacity sufficient to meet the total surveillance needs for that region, even when two or more carriers divide the market in such a way that the surveillance activity would be distributed among them. This interpretation, unless clarified would result in the installation of useless capacity.

• Despite clear Congressional direction that the government was to pay for increased capacity requirements, the FBI has informed industry that once the capacity notice is final, new entrants must bear their own costs for deploying capacity and that each new switch deployed after the notice is final, whether deployed by existing carriers or new entrants, must meet the full capacity requirements for the entire county or geographic area, and at the carrier's own expense. Not only does this create tremendous latent capacity far in excess of the actual or maximum capacity numbers disclosed in the notice, but it fully and improperly shifts the cost of capacity to carriers.

• The Second Notice requires installation of surveillance capacity in rural areas that have a history of zero surveillance activity.

• The implementation plan suggests that capacity will be negotiable within a carrier's network. (See p. 20.) In other words, carriers may or may not have to meet the capacity requirements set forth in the Second Capacity Notice, depending on what they negotiate privately with the FBI. Thus, the Notice has not met the clear specificity and public accountability requirements of CALEA, and the implementation plan has not met Congress' directive in the Appropriations Act.

When it adopted CALEA, Congress assumed that capacity requirements could be finalized by October 25, 1995. The FBI's failure in finalizing capacity numbers has impeded development of hardware and software for CALEA compliance.

IV. Prioritization of Equipment, Facilities and Services Modifications

CALEA anticipated a prioritization by law enforcement of how and where to allocate resources, and the appropriations act directed the FBI to provide a "prioritized list of carrier equipment, facilities, and services" to be modified. The plan fails to make this prioritization.

• There is no prioritization of carrier equipment. Instead, the plan merely lists 19 existing switch platforms currently utilized in the United States, which account for 96-97% of past law enforcement surveillances, and says that the FBI can afford to pay for modification of 14 of these. It does not say which 14. But does not say how it is sure, in the absence of a selection, that it can pay for 14 platforms. The designation of the specific 14 is obviously critical, since until the 14 are identified manufacturers will be hesitant to go ahead designing modifications to any of the 19.

• There is no prioritization among services. What services or features will receive highest priority and what is the anticipated cost of bringing these services and features into compliance? The plan does not say.

• There is no prioritization among service providers or service areas. The FBI does not say whether it will focus on certain service providers or on high crime areas, or whether it will apply any other criteria to decide what it does first.

Indeed, far from prioritizing, it is clear from the implementation plan that the FBI's goal is to obtain implementation of its entire "wish list," as reflected in the ESI. The FBI is requiring carriers to price-out its capability wish list, and clearly intends to use the TCCF to pay equipment manufacturers to build to the ESI, regardless of what CALEA requires. The FBI is using its reimbursement powers to ensure that its desired standard is implemented.

This raises an interesting question: Is it proper for the FBI to use CALEA funds to pay for capabilities not mandated under CALEA?

In a good faith effort to be cooperative, companies are taking steps to cost out SP-3580. But the FBI is using the pricing study to promote the ESI. The industry has reluctantly agreed to cost out elements of the ESI, but this is only diverting resources and causing further delays.

The FBI fails to acknowledge the significant industry concerns regarding its cooperative agreement process. Contrary to the FBI's assertions, no carriers are close to signing a cooperative agreement because these agreements impose onerous and inappropriate obligations on carriers. Moreover, by insisting that the industry cost-out the additional capabilities on its "wish list" the FBI is consuming valuable resources that could be used to speed development of equipment complying with PN-3580.

Prioritization is essential for several reasons. CALEA contemplated prioritization to force law enforcement to identify in a publicly accountable manner where and how it intends to focus its activities. Limited funding authorized by CALEA further would cause law enforcement to choose the most cost effective, highest priority capabilities and capacities. CALEA did not intend to provide law enforcement with a blank check for ubiquitous or "gold plated" surveillance capabilities or capacities, nor did it intend to allow law enforcement to shift costs of retrofitting network technology from a government responsibility to industry. Moreover, without prioritization, industry is led to believe that there is no intent to reimburse carriers for their reasonable costs of compliance and/or that they will need to modify all equipment, services, and facilities.

Finally, the need for prioritization is even more evident in the case of small companies that may have little or no history of electronic surveillance activity of any type. These companies also more commonly may deploy the kinds of network equipment and technology not identified in the FBI's list of the 19 most common switching platforms. These small telephone companies are especially affected by a lack of prioritization. They need specific guidance on what compliance requirements are expected of them and how and whether they will be reimbursed.

V. Projected Reimbursement Plan:

The FBI implementation plan makes no real disclosure regarding costs to implement CALEA. It is remarkable that the FBI failed to distinguish between how much it will spend for capacity and how much it will spend for capability. The plan simply spreads the $500 million evenly over 5 years and tells Congress that the FBI will be more specific next year when it knows more. The projected reimbursement plan is based on government cost estimates by "subject matter experts." (page 27). What are the government estimates? Who are the subject matter experts and how did they arrive at their estimates? Any government cost estimates are suspect at best because the standard is not complete, and manufacturers have only preliminary information about systems engineering and cost analysis requirements. Virtually no implementation cost information has been obtained from the carriers by the FBI. Moreover, if the FBI insists that the ESI is its bottom line, then the extent to which the ESI exceeds industry standards will only add to the costs of compliance. The plan fails to address either the costs of SP-3580 (the industry standard currently released for balloting) or the excess costs of those items in the ESI which are not found in SP-3580.

CALEA permits switch manufacturers to make features available at a "reasonable charge" and for carriers to be reimbursed for "all reasonable costs" of their compliance. But the plan reinforces the FBI's intent to treat CALEA like a government procurement, requiring "cooperative agreements" based on government procurement procedures. This approach has caused unnecessary delays and implementation complications. CALEA does not require "cooperative agreements" or any other particular form of agreement as the only means of compliance or of seeking reimbursement. CALEA is not a government procurement program. It is more reasonable and cost-effective to structure reimbursement as simple claims for reimbursement -- as CALEA provides -- rather than as procurements.

The Cost Recovery Rules developed by the FBI, by incorrectly contemplating a government procurement process, would impose significant burdens on telecommunications carriers. In order to provide the details that are specified by the FBI in regard to cost estimates and billing information, the carriers would have to modify existing financial systems or develop entirely new systems. Although these concerns were expressed by numerous parties during the review process, the FBI chose to largely ignore them.

The Final Cost Recovery Rules are an example of the FBI's attempt to hide the true cost of CALEA compliance. By narrowly defining recoverable costs under CALEA, they shift the cost of compliance to carriers. At the same time, the FBI inserted a definition in the final rules that would render obsolete an entire generation of switches and eliminate the secondary market in used switches so depended upon by smaller carriers. The FBI defined "deployed or installed" to mean operational in a carrier's network. Thus if a carrier bought a switch the day before CALEA was enacted and intended to deploy it the following year, the FBI has determined that it is non-compliant and that it is not subject to reimbursement for any upgrade to make it compliant. In short, the FBI shifted the entire cost of the transition period to carriers. A rulemaking on what constitutes a "significant upgrade" and "major modification" is pending and we have no doubt that the FBI will give these terms the widest definitions as well so as to continue to shift the cost of compliance to carriers.

A specific unresolved issue is the reimbursement of carriers for retrofitting the increasing universe of current equipment that was installed, deployed or upgraded after January 1, 1995. CALEA has a presumption that such equipment would be CALEA-compliant. As a safety-valve, Congress created a procedure for any company to petition the FCC for a determination that compliance was not reasonably achievable for equipment installed, deployed or upgraded after 1/1/95. Given the delay in resolving disputes over the interpretation of CALEA, it has been impossible for companies to install CALEA-compliant equipment, yet they have had to move forward with system upgrades. The FBI plan assumes that every switching platform currently in use needs to be modified to comply with CALEA. Yet carriers have, of necessity, continued to upgrade and expand their systems by installing this apparently non-compliant equipment. How will the FBI treat this equipment? Will the FBI reimburse carriers for retrofitting this equipment once "solutions" are available? The implementation plan does not answer these questions.

CALEA makes clear that Congress intended to reimburse carriers for their reasonable costs of retrofitting equipment during the time that CALEA technology is being developed and made available to carriers. Existing network equipment that could not have incorporated CALEA technology (because it didn't exist) should be deemed in compliance until the government reimburses the carrier to bring it into compliance with CALEA technology, and if necessary, the legislation should be amended to make this clear.

CALEA did not intend to shift costs from government to industry for retrofitting networks with CALEA technology. Therefore, until such time that CALEA technology is available, or unless the carrier is reimbursed to retrofit network facilities to bring them into compliance, Congress should ensure that equipment that has been deployed by telecommunications carriers after January 1, 1995 and before such time as CALEA technology is reasonably available, must be considered in compliance with CALEA.

Finally, it should be noted that carriers continue to cooperate with law enforcement in providing assistance to their efforts to conduct legally authorized electronic surveillance. There are no known cases that USTA or CTIA member companies are aware of where carriers have been unable to provide such surveillance assistance for law enforcement. Indeed, there is more electronic surveillance activity now than ever before -- using existing telecommunications network facilities and technology.

Implementation Delays and Compliance Dates:

The implementation plan admits that technology to comply with CALEA does not yet exist. The plan basically admits that CALEA-compliant technology will not be available even by the October 1998 deadline. The plan says that systems engineering takes 6 months and will not begin until the second quarter of 1997 (assuming the balloting process reveals no requirements to modify the industry standard). Engineering development takes another 12 months. Then production, deployment and testing must follow, although the FBI plan puts no estimate on how long those steps will take. Given even the optimistic time line advanced by the FBI's plan, the FBI admits that installation of upgrades to the embedded base will not be ready to begin until 1999. The schedule should be no different for new deployments.

While CALEA provides for a compliance deadline extension by petition to the FCC, this waiver process would itself be time-consuming and could potentially overwhelm the FCC, which might have to review each waiver for each facility or service at issue. Industry needs greater assurance when investing in and deploying network technology. Thus, the October, 1998, compliance date should be moved to a time that reflects when CALEA technology is reasonably available.

Recommendations

The committees should hold hearings to examine the FBI's CALEA implementation plan for the purpose of (i) ensuring that CALEA funds are not expended on requiring the ubiquitous installation of surveillance enhancements that are outside the scope of CALEA but are limited to achieving compliance with the features reflected in the industry standard; (ii) to determine whether the compliance dates of January 1, 1995 and October 25, 1998 are still valid, reasonable, and achievable, given the unanticipated delays that have occurred in the implementation process; and (iii) to address the other concerns raised herein.

Notes:

¹ The FBI plan also refers to "SR-3529," a document funded by six of the Regional Bell Operating Companies through Bellcore, for the purpose of conducting pricing estimates on various surveillance features. This document exists in several versions, including an "M" ("minimum") version, which reflects the features contained in SP-3580, and a "P" ("premium") version that includes many of the features found in the FBI's ESI that were not included in SP-3580. When the FBI refers favorably to SR-3529, it is presumably referring to the "P" version. All versions of the document specifically state that none of the features or functions identified therein indicate conformity with, or acceptance of, CALEA safe harbor standards. The FBI's implementation plan fails to mention these caveats.