The CALEA, Personal Privacy For Citizens, and Compliance

The CALEA, Personal Privacy For Citizens, and Compliance

The Communications Assistance for Law Enforcement Act or CALEA for short is a federal law that was passed by U.S. Congress in 1994. The CALEA was passed for the purposes of preserving the ability of law enforcement agencies within the U.S. to both conduct electronic surveillance as well as protect the privacy of information outside of the scope of investigations. Under the CALEA, telecommunications companies and manufacturers of telecommunications-related equipment are required to “design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities to comply with legal requests for information”. The CALEA was initially passed in response to the FBI’s concerns that the increasing use of digital telephone exchanges in the 1990s would lead to difficulties in taping certain phone lines. However, the provisions of the CALEA have since been expanded to include both VoIP and broadband internet access.

How do telecommunications companies achieve CALEA compliance?

A telecommunications company that operates within the U.S. can achieve CALEA compliance in a number of ways. Some of these ways include:

  • Telecommunications carriers can develop their own compliance solutions for use in their own unique networks.
  • Telecommunications carriers can purchase compliance solutions from vendors, such as the companies that manufacture the equipment that said carriers use when providing services.
  • Telecommunications carriers can purchase compliance solutions from a trusted third party or TTP for short.

Moreover, per section 102(8) of the CALEA, telecommunications carriers “must file and maintain up-to-date System Security and Integrity (SSI) plans with the Commission, as those plans are described in 47 C.F.R. § 1.20005. This information includes a description of how the service provider complies with CALEA, and carrier contact information which the FCC shares with the FBI. Such information is not disclosed to the public. This information collection has been approved by the Office of Management and Budget, control number 3060-0809, 77 FR 156 (2012). A sample SSI plan checklist is available online”. To this point, some requirements set forth by the CALEA SSI Policies and Procedures Checklist include the following:

  • The name of the senior officer or another related employee who is responsible for CALEA compliance.
  • The specific job description of this individual.
  • The means and manner by which this individual may be contacted, 24/7.
  • Requiring that telecommunications “carrier personnel must receive appropriate legal authorization and appropriate carrier authorization before enabling law enforcement officials to implement an interception of communications or access to call-identifying information”.
  • Mandating that telecommunications carriers will report security breaches to all affected law enforcement agencies.
  • Requiring records of each individual access or interception to include “telephone number or circuit ID, start date and time, and the name of the law enforcement officer presenting the authorization”, among other forms of pertinent information.

What are the penalties for violating the provisions of the CALEA?

There are a variety of monetary and criminal penalties that can be imposed upon individuals who violate the provisions of CALEA. As is the case with many federal laws pertaining to communications, the CALEA is enforced by the Federal Communications Commission or FCC for short. As such, the following are a list of actions that are deemed to be in violation of the CALEA, as well as the penalties that can result from engaging in such actions:

  • “Prohibits the use, production, or possession of an altered telecommunication instrument, a scanning receiver, or hardware or software used to alter such instruments to obtain unauthorized access to telecommunications services. Imposes 15 years’ imprisonment and a fine of $50,000 or twice the value obtained by the offense”.
  • “Revises the definition of “wire and electronic communication” for purposes of provisions prohibiting interception thereof to include the radio portion of a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit. Imposes a fine of up to $500 upon any person who intentionally intercepts such communications”.
  • “Authorizes the Attorney General, in a civil action in the appropriate U.S. district court, to obtain an order in accordance with this Act directing that a carrier, a manufacturer of its equipment, or a provider of its support services comply with this Act”.

Through the passing of the CALEA in 1994, as well as subsequent amendments that have been made to the law since, law enforcement agencies around the country have been able to integrate their operations with the functions of telecommunications carriers. While the CALEA has led to some level of controversy, both from telecommunications companies as well as the general public as it pertains to personal privacy, the law provides law enforcement agencies with the means to access various forms of communications in accordance with a court order. As such, future laws that pertain to the access of communications systems in regards to law enforcement agencies will have to take a variety of factors into account.