8/9. The Federal Communications Commission (FCC) released its Notice of Proposed Rulemaking and Declaratory Ruling (NPRM & DR) [100 pages in PDF] regarding imposing CALEA obligations upon broadband internet access services and voice over internet protocol (VOIP) services.

This article reviews some of the highlights of this NPRM. The articles that follow review in more detail some specific sections of the NPRM. The following is a list of the titles of articles on this NPRM:

• Summary of the FCC's CALEA NPRM
• Summary of the CALEA NPRM's Tentative Conclusion Regarding Broadband Internet Access Services
• Summary of the CALEA NPRM's Tentative Conclusion Regarding Certain VOIP Services
• Summary of the CALEA NPRM's Declaratory Ruling Regarding Push To Talk Services
• Summary of the CALEA NPRM's Substantial Replacement Analysis
• Summary of the CALEA NPRM's Future Services Analysis
• Summary of the CALEA NPRM's Private Intercept Management Provider Proposal

The NPRM is 100 pages, single spaced, with 426 footnotes. This article, and the articles that follow, do not review everything that is in this NPRM. The NPRM also addresses the obligations that the CALEA imposes upon telecommunications carriers and how these might be extended to information services, the CALEA's safe harbor standards, the application of the CALEA to satellite networks, and cost and cost recovery.

The FCC issued this NPRM in response to the petition for rulemaking [83 pages in PDF] submitted on March 10, 2004 by the Department of Justice (DOJ) and two of its components. The 1994 Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications carriers to "shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of expeditiously isolating and enabling the government ... intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier ..."

In other words, the CALEA provides that telecommunications carriers must design their equipment and networks to facilitate lawfully conducted wiretaps and other intercepts. Statutes other than the CALEA address what intercepts are lawful.

The DOJ petition requested that the FCC, in effect, expand the scope of the CALEA to also cover broadband service providers, voice over internet protocol (VOIP) service providers, and others. The DOJ petitioned the FCC to require various entities to design and modify their networks, hardware, software, and equipment in a manner that enables the DOJ to more easily intercept VOIP and other internet based communications. See, story titled "Summary of DOJ Petition for Rulemaking to Expand the CALEA to Cover Information Services" in TLJ Daily E-Mail Alert No. 873, April 9, 2004.

The FCC adopted, but did not release, this NPRM at its August 4, 2004 meeting. It released the text on August 9. Comments will be due 45 days after publication of a notice in the Federal Register. Reply comments will be due 75 days after publication in the Federal Register. The FCC has not yet published this notice in the Federal Register.

See also, story titled "FCC Adopts NPRM and Declaratory Ruling Regarding CALEA Obligations" in TLJ Daily E-Mail Alert No. 953, August 5, 2004. See also, stories titled "FCC Legislatively Expands Scope of CALEA Obligations" in TLJ Daily E-Mail Alert No. 953, August 5, 2004, and "Powell Discusses Brand X Case" in TLJ Daily E-Mail Alert No. 954, August 6, 2004.

First, this NPRM is not all that it asserts. The NPRM states that it implements the CALEA. This mischaracterizes much of what is in the NPRM. It makes tentative conclusions that are more in the nature of legislative amendment of the statute. The NPRM states that it gives effect to the intent of Congress. This mischaracterizes much of what is in the NPRM. It makes tentative conclusions that are either contrary to the intent of the Congress, or that address issues that were not considered by the Congress when it passed the CALEA in 1994. The NPRM states that it is intended to remove uncertainty and bring clarity. This NPRM adds uncertainty.

Perhaps the most significant items in this NPRM are the two threshold tentative conclusions that broadband internet access services (BIAS) and managed voice over internet protocol (VOIP) are subject to the requirements of the CALEA.

The NPRM's analysis upon which these tentative conclusions are based is also important. It builds upon the substantial replacement clause in the CALEA's definition of "telecommunications carrier". The CALEA provides that its requirements only apply to a "telecommunications carrier", and that its requirements do not apply to "information services". The substantial replacement clause provides that certain services provided by certain entities are subject to CALEA requirements if their service is "a replacement for a substantial portion of the local telephone exchange service".

The NPRM gives an interpretation to this provision that is inconsistent the plain meaning of the words that make up this clause. Nevertheless, this interpretation provides the FCC with the basis for concluding that broadband internet access services (BIAS) and managed VOIP services are subject to CALEA requirements. But, in addition, this interpretation does two other things. First, the construction contained in the NPRM so changes the meaning given to the substantial replacement clause that it will enable the FCC and DOJ to sweep many other services and applications that are not discussed in the NPRM into the coverage of the CALEA. Second, this strained construction, as Commissioners suggested at the August 4 meeting, may provide the grounds upon which the final rule will be vacated by Court of Appeals.

Next, the NPRM asserts that it rejects the DOJ's requests regarding other and future services. These requests drew the harshest criticism from commenters. However, the rejection may be more illusory than real, because of the NPRM's substantial replacement analysis. That is, the NPRM's analysis is not simply that BIAS and managed VOIP services are substantial replacements, and hence subject to CALEA requirements. The NPRM's analysis is to first give new meaning to the words in the substantial replacement clause, and then apply this new meaning to BIAS and VOIP services. Under the NPRM's newly created meaning, BIAS and VOIP services are found to be substantial replacements.

But, the meaning given to the substantial replacement clause is so inclusive and open ended, that if it is incorporated into the final order, it will enable the FCC and DOJ to employ it to accomplish much of what the DOJ had sought with its future services request.

Next, while the NPRM addresses the threshold questions of whether BIAS and certain VOIP services are subject to the requirements imposed by the CALEA, the NPRM does not provide, or propose, details regarding what technologies will be swept into the CALEA regime. The NPRM states briefly that it "does not propose attaching CALEA obligations to services or applications that ``ride over´´ the underlying broadband transmission, such as e-mail storage, web browsing capabilities, and Internet gaming." Yet, the NPRM goes on to conclude that certain applications that do "ride over" (a term that the NPRM does not define) the broadband transmission are subject to CALEA requirements. Moreover, the NPRM does not even mention most information services, technologies and applications that might "ride over" broadband transmissions.

The NPRM also contains a significant proposal regarding enforcement. It states that "We consider whether" the FCC "may take separate enforcement action against telecommunications carriers, manufacturers and providers of telecommunications support services that fail to comply with CALEA." Yet, the statute gives enforcement authority to the judiciary, not the FCC. Were the FCC to become the arbiter of enforcement disputes, the power of the DOJ over carriers and providers of information services would be greatly enhanced, because, as this NPRM demonstrates, the FCC is far more likely to sustain the enforcement requests of the DOJ than a federal judge.

The NPRM also contains a notable proposal regarding the processing of court orders, the installation of surveillance equipment, the operation of surveillance activities, and other activities related to carrying out surveillance and intercepts. The NPRM suggests creating a new category of service provider to perform these functions. The NPRM seeks comment on this, but does not indicate how the rules contained in a final order might implement this proposal.

Basically, there are now two types of entities involved in the wiretap process -- law enforcement agencies (LEAs) and telecommunications carriers. LEAs seek information, get court orders, and then serve them upon the telecommunications carriers that maintain the networks. This NPRM proposes a third category. It would include private companies, such as VeriSign and Fiducianet, that would provide what the NPRM calls "intercept management". The inclusion of a proposal regarding these private intercept management providers in this NPRM is significant for several reasons, none of which are addressed in the NPRM.

First, the DOJ did ask for this section in its original petition or reply comments.

Second, if implemented, the development of these private intercept management providers would change the structure of surveillance. In particular, the legal regime regulating the searches, seizures, wiretaps and other surveillance, of which the CALEA is just one part, builds in safeguards to decrease the likelihood that surveillance powers will be abused. These restrictions and rules are directed at LEAs and telecommunications carriers.

However, many of these restrictions and rules would provide significantly less incentive to private intercept management providers to play by the rules. This would require the Congress to step in and write amendments to the various surveillance related sections of the Criminal Code and Foreign Intelligence Surveillance Act (FISA), to take into account the new surveillance functions being performed by private intercept management providers.

It may also be important to note some of the topics that are not addressed by this NPRM.

First, while the CALEA only applies to a "telecommunications carrier", and the most important part of this NPRM is its discussion of what it means to be a "telecommunications carrier", this NPRM has nothing to say about recent court opinions that address the meaning of "telecommunications carrier". The Brand X case is acknowledged only in one footnote. (Also, both Commissioners Michael Copps and Jonathan Adelstein raise it in their separate statements.) The Vonage case is not mentioned.

October 16, 2003. The U.S. District Court (DMinn) issued its Memorandum and Order [PDF] in Vonage v. Minnesota Public Utilities Commission, holding that VOIP service provider Vonage is an information service provider, and that the MPUC cannot apply state laws that regulate telecommunications carriers to Vonage. The Court wrote that "State regulation would effectively decimate Congress's mandate that the Internet remain unfettered by regulation." The conclusion that a VOIP service provider offers an information service, rather than telecommunications service, would prevent state and federal government entities from applying rules that apply to telecommunications, such as those pertaining to the filing of tariffs, cross subsidies, unbundling, wiretapping and other electronic surveillance by the FBI and other law enforcement agencies, and 911. See also, story titled "District Court Holds that Vonage's VOIP is an Information Service" in TLJ Daily E-Mail Alert No. 760, October 17, 2003.

On October 6, 2003 the U.S. Court of Appeals (9thCir) issued its opinion [39 pages in PDF] in Brand X Internet Services v. FCC, vacating the FCC's declaratory ruling that cable modem service is an information service, and that there is no separate offering as a telecommunications service. See also, story titled "9th Circuit Vacates FCC Declaratory Ruling That Cable Modem Service is an Information Service Without a Separate Offering of a Telecommunications Service" in TLJ Daily E-Mail Alert No. 754, October 7, 2003.

The position taken in this NPRM, which is supported by the three Republican members of the FCC, is that "telecommunications carrier" has one meaning in the context of the Communications Act, and an entirely different, and inconsistent meaning, in the context of the CALEA. The Brand X and Vonage cases are not CALEA related disputes.

Second, there are two preliminary issues upon which the NPRM does not seek comment. The DOJ petition, as well as comments and reply comments reveal that there is considerable factual dispute over these issues. There is the issue of whether telecommunications carriers and information service providers are now capable of providing the intercept capabilities for new technologies, and are complying with lawful intercept orders. The DOJ and other LEAs argued that service providers are not providing capabilities, and evidence is being lost. On the other side, many carriers and services providers vehemently disputed these allegations in their comments.

There is also the issue of the extent to which new information services are harming efforts by LEAs. The DOJ and other LEAs argued that their efforts are suffering. On the other side, a few commenters argued the opposite, that new technologies now enable law enforcement to obtain more information, and do more with it. The PSTN provided the LEAs with access to conversations, while new technologies also enable the transfer, and hence interception, of large quantities of data. New technologies also electronically store communications that the PSTN never stored. Finally, new information technologies enable LEAs to electronically store, analyze and access the data that it obtains.

The NPRM notes in passing that some commenters disputed that they are not facilitating lawful intercept orders. The NPRM does not address whether or not new information technologies also further LEA's efforts.

The NPRM merely states that "Advances in technology, however, most notably the introduction of digital transmission and processing techniques and the proliferation of wireless and Internet services, such as broadband access services, have challenged the ability of LEAs to conduct lawful surveillance." The NPRM makes no findings, and does not ask for any comments, regarding these two disputed preliminary issues.

It appears that the FCC has decided these two issues in favor of the DOJ without so stating.

Finally, this is a permit-but-disclose notice and comment rule making proceeding. This NPRM is FCC 04-187 in ET Docket No. 04-295 and RM-10865.

8/9. The Federal Communications Commission's (FCC) CALEA NPRM [100 pages in PDF], released on August 9, 2004, tentatively concludes that "facilities-based providers of any type of broadband Internet access service, whether provided on a wholesale or retail basis, are subject to CALEA". (See, NPRM at Paragraph 1.)

The notice of proposed rulemaking (NPRM) elaborates that "we tentatively conclude that facilities-based providers of any type of broadband Internet access, including but not limited to wireline, cable modem, satellite, wireless, and broadband access via the powerline, whether provided on a wholesale or retail basis, are subject to CALEA ... because they provide replacement for a substantial portion of the local telephone exchange service used for dial-up Internet access service and such treatment is in the public interest. We base this belief on our reading of CALEA and its legislative history as well as the record thus far." (Footnotes omitted. See, NPRM at Paragraph 47.)

The NPRM also suggests, and seeks public comment on, the position that certain providers of broadband internet access services (BIAS) should not be subject to Communications Assistance for Law Enforcement Act (CALEA) requirements. The NPRM states that "There may exist discrete groups of entities for which the public interest may not be served by including them under the Substantial Replacement Provision. ... For example, entities that deploy broadband capability to consumers in underserved areas may fall in this category because of the potential deterrent effect it could have on deployment in particular circumstances (negatively impacting the first and second factors, i.e., protecting competition and encouraging the development of new technologies). Small businesses that provide wireless broadband Internet access to rural areas may be one example". (Footnotes omitted. Parentheses in original. See, NPRM at Paragraph 49.)

Thus, the NPRM addresses the threshold question of whether providers of BIAS, with certain possible exceptions for providers in underserved and rural areas, are subject to the requirements imposed by the CALEA.

Beyond this, the NPRM does not provide, or propose, details regarding what technologies will be included within the CALEA regime. It asks for comments on these details.

The NPRM states briefly that it "does not propose attaching CALEA obligations to services or applications that ``ride over´´ the underlying broadband transmission, such as e-mail storage, web browsing capabilities, and Internet gaming." (See, NPRM at Paragraph 51.) The NPRM does not define or discuss the meaning of the term "ride over".

Almost all current internet based services and applications that might be construed to "ride over" the broadband transmissions are not addressed in the NPRM. The NPRM makes no mention of online shopping, e-commerce, auction web sites, interactive computer services, and other services and applications.

On the other hand, the NPRM does tentatively conclude that certain VOIP services are subject to CALEA requirements. VOIP services are an application that "rides over" the broadband transmissions. Similarly, the NPRM declares that push to talk is subject to CALEA requirements. Currently, push to talk is being provided by cellular phone companies. However, it is likely at some point that push to talk functionality will be provided as an internet protocol service. The NPRM is written broadly to cover this application that "rides over".

The NPRM mentions e-mail in the above quoted Paragraph 51. There are other mentions of e-mail in this paragraph. There is also a reference to e-mail in the NPRM's section on VOIP. It reads, "We make clear that we do not, however, solicit comment on packet-based or broadband services that are clearly excluded from CALEA such as electronic mail." (See, NPRM at Footnote 168.)

Thus, e-mail is barely discussed. And, to the extent that it is, the NPRM states that it is "excluded from CALEA", and that the NPRM "does not propose attaching CALEA obligations to ... e-mail storage".

The Department of Justice (DOJ) has made clear in the hearings before the Congress, and in the context of pending legislation, that it is very concerned about intercepting e-mail. Indeed, at the request of the DOJ, the Congress included in the USA PATRIOT Act a section that amended the pen register and trap and trace language of Title 18. (See, § 216 of HR 3162 in the 107th Congress.) It previously allowed law enforcement agencies (LEAs) to obtain incoming and outgoing phone numbers dialed or punched by phone users. The PATRIOT Act broadened the provision to include addressing and routing information in electronic communications, such as e-mail TO: and FROM: lines. Moreover, the FBI's Carnivore was designed with e-mail in mind.

The DOJ also wrote in its petition for rulemaking [83 pages in PDF] to the FCC that the 1986 Electronic Communications Privacy Act (ECPA) expanded the scope of lawful intercepts to include electronic communications including e-mail, and that the 1994 CALEA was intended to enable LEAs to conduct their lawful intercepts. (See, DOJ Petition at Pages 2-3.) In addition, the DOJ wrote that the legislative history of the CALEA makes clear that Congress intended that e-mail in transit is subject to CALEA requirements. (See, DOJ Petition at Page 27.)

Hence, it is clear that the DOJ is interested in intercepting e-mail communications -- both content and addressing information -- and believes that this is subject to CALEA requirements.

Perhaps it is important to note both that the NPRM's brief treatment of e-mail includes the qualification of "storage", and the DOJ treatment of e-mail includes the word "transmission". Perhaps the direction that the FCC intends to take is that the interception of e-mail in transit is subject to the requirements of the CALEA, but that e-mail in storage is not. But then, accessing stored e-mail does not present the technological problems that intercepting e-mail does. The DOJ does not need the CALEA to make accessing stored e-mail easier. Whatever the case, the NPRM is vague, and seeks comments.

In conclusion, if the NPRM contemplates that certain VOIP, IP based push to talk, and e-mail in transit will all be subject to CALEA requirements, just what does the NPRM mean when it states that CALEA obligations do not extend to "applications that ``ride over´´ the underlying broadband transmission"? The NPRM does not explain. The NPRM concludes its discussion of this subject with the following: "We seek comment on this analysis."

Finally, there is a key footnote in this section, that states that schools, libraries, hotels and coffee shops may not be subject to CALEA requirements. It states that "We note that establishments acquiring broadband Internet access to permit their patrons to access the Internet do not appear to be covered by CALEA (assuming they were otherwise ``telecommunications carriers´´ under CALEA). Examples of these entities include schools, libraries, hotels, coffee shops, etc." (Parentheses in original. See, NPRM at Footnote 133.)

This footnote continues that "The underlying facilities-based broadband transmission providers that sell the broadband access service to these establishments to enable Internet access for their patrons would, however, be responsible for CALEA obligations under our tentative conclusion and thus Law Enforcement's needs would be addressed through these providers." (See, NPRM at Footnote 133.)

8/9. The Federal Communications Commission's (FCC) CALEA NPRM [100 pages in PDF], released on August 9, 2004, tentatively concludes that "``managed´´ Voice over Internet Protocol (``VoIP´´) services are subject to CALEA".  (See, NPRM at Paragraph 1.)

The notice of proposed rulemaking (NPRM) elaborates that "We tentatively conclude that providers of managed VoIP services, which are offered to the general public as a means of communicating with any telephone subscriber, including parties reachable only through the PSTN, are subject to CALEA." It bases this conclusion upon the substantial replacement clause of the CALEA. (Footnotes omitted. See, NPRM at Paragraph 56.)

The NPRM also tentatively concludes that "providers of non-managed, or disintermediated, communications should not be subject to CALEA". It adds that these "Non-managed VoIP services" include "peer-to-peer communications and voice enabled Instant Messaging". (See, NPRM at Paragraph 58.)

The NPRM seeks comments on this approach.

There is much to be clarified in this rule making process. The NPRM does not define the term "managed VOIP services". Nor does it explain the dichotomy of managed and non-managed services. The NPRM, taken literally, applies the term "managed" to any service that enables users to reach any phone subscriber. For practical purposes, this would be the capacity to reach a wireline or cellular phone on the PSTN.

The Department of Justice (DOJ) petitioned the FCC with a vastly different concepts of "managed" and "mediator" in mind. The DOJ's petition for rulemaking [83 pages in PDF] references the terms "managed" VOIP services "mediator", in a lengthy footnote. (See, DOJ petition, footnote 39, at pages 16-17.)

The DOJ wrote that a mediated VOIP service is one that is provided by "an entity that both provides the broadband access service that enables the telecommunications ... and acts as a mediator that provides any connection management". This might include a VOIP service offered as part of a cable company's broadband internet access package.

The NPRM, in contrast, does not associate the words managed or mediated with the concept of providing the underlying broadband internet access service.

The DOJ also wrote that "A stand-alone broadband telephony service provider includes entities that do not offer broadband access but do provide fully- or partially-managed broadband telephony service. Stand-alone broadband telephony service providers own or lease transmission facilities in order to manage quality of service and are thereby responsible to the customer for the transport of packets." The DOJ argued that both of these types of services, as well as others, should be subjected to CALEA obligations.

The NPRM tentatively rejects the DOJ's proposed approach. It states that "We tentatively decline to adopt Law Enforcement’s recommendation of basing statutory classifications on proposed ``business models.´´ We have strong concerns that such a regulatory approach could be easily circumvented and could adversely affect innovation by giving VoIP service providers a regulatory incentive (rather than a business or technical incentive) to design their services to avoid falling within one of the covered business models. Nevertheless, we invite comment on the proposed models and on the business model approach generally." (Parentheses in original. See, NPRM at Paragraph 57.)

The NPRM is not clear on the regulatory treatment of a service or application provider who does not own broadband internet access facilities, but does enable subscribers or users to communicate with a device on the PSTN. Under a literal reading of Paragraph 56 of the NPRM, this provider would be subject to CALEA requirements. But, such a conclusion would arguably be inconsistent with Paragraph 51 of the NPRM, which states that the NPRM "does not propose attaching CALEA obligations to services or applications that ``ride over´´ the underlying broadband transmission".

8/9. The Federal Communications Commission's (FCC) CALEA NPRM [100 pages in PDF], released on August 9, 2004 tentatively concludes that broadband internet access services (BIAS) and certain voice over internet protocol (VOIP) services are subject to the requirements of the CALEA. To reach these conclusions the NPRM had to surmount two substantial obstacles to such conclusions. First, the CALEA provides that it only imposes obligations upon a "telecommunications carrier". Second, it provides that it does not impose obligations upon information services. The CALEA does, however, contain a clause pertaining to substantial replacement that forms the entire basis of the NPRM's tentative conclusions.

The Statute. § 102(8) of the Communications Assistance for Law Enforcement Act (CALEA), which is codified at 47 U.S.C. § 1001(8), provides the following definition of "telecommunications carrier".

(8) The term ``telecommunications carrier''--
   (A) means a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; and
   (B) includes--
      (i) a person or entity engaged in providing commercial mobile service (as defined in section 332(d) of this title); or
      (ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this chapter; but
   (C) does not include--
      (i) persons or entities insofar as they are engaged in providing information services; and
      (ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General."

The NPRM's Substantial Replacement Analysis. The notice of proposed rulemaking (NPRM) focuses on the clause found at § 102(8)(B)(ii) of the CALEA.

This clause pertains to something that is a "replacement for a substantial portion of the local telephone exchange service". The NPRM tentatively concludes that certain services are just such a replacement.

More specifically, the statute, in its definitional section, defines a "telecommunications carrier" as "a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire".

But then, § 102(8)(B)(ii) provides that a "telecommunications carrier" also "includes ... a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service ...".

The plain meaning of this clause presents several impediments to the conclusions in the NPRM. For example, broadband internet access services, which the the NPRM tentatively concludes are subject to the CALEA under § 102(8)(B)(ii), enable users to visit web pages, publish web pages, search the web, make purchases and sales, use interactive computer services, enter chat rooms, and send and receive e-mail, instant messages, video messages, and text messages. Moreover, law enforcement surveillance extends to these activities. If § 102(8)(B)(ii) is understood as it is plainly worded, then the FCC's tentative conclusion that broadband internet access service is a "replacement for a substantial portion of the local telephone exchange service" necessarily implies that activities such as web surfing, online shopping, and the use of interactive computer services replaces a substantial portion of old fashioned phone service. This is untenable.

The NPRM therefore gives § 102(8)(B)(ii) a meaning contrary to its plain meaning. It takes the language, word by word, and phrase by phrase, and applies meanings to words that are inconsistent with the meaning that those words possess for persons who speak the English language.

Step by step, this is the interpretation created for § 102(8)(B)(ii) in the NPRM. (See, NPRM at Paragraphs 42-44.)

First, the NPRM reconstructs the phrase "wire or electronic communication switching". Switching, the FCC writes, does not actually mean using "switches", a term that otherwise possesses a clear meaning. Rather, it also means "routers", notwithstanding the fact that the Congress did not include the term "routers" in the statute. Moreover, the NPRM asserts that switching also includes use of any equipment that provides addressing functions on internet protocol networks.

Second, the NPRM reconstructs the word "substantial". The statute requires that there be a "a replacement for a substantial portion". Substantial is a high standard -- too high to bring broadband internet services within the scope of § 102(8)(B)(ii). So, the NPRM decides that "substantial" does not mean "substantial". Rather, it really means "any". (See, NPRM, at Paragraph 44, sentence 2.)

Third, the NPRM reconstructs the word "replacement". The NPRM decides that "replacement" may not mean "replacement". Rather, it may mean "substitutability". The NPRM is vague on this. Nevertheless, the FCC has used the term substitution, not in its plain sense (as when one quarterback is substituted for another quarterback), but rather in an economic sense. See for example, the FCC's notice of proposed rulemaking (NPRM) [97 pages in PDF] regarding regulation of internet protocol services, including voice over internet protocol (VOIP). This NPRM is FCC 04-28 in WC Docket No. 04-36. It is also sometimes referred to as the IP Enabled Services NPRM.

That is, there exists substitutability between two products or services when, if the price of the one product or service is changed, it affects the demand for the other. Far more products and services are substitutions for each other than are replacements for each other. For example, an increase in the price of airline tickets might increase the demand for phone services, and hence, air travel services could be an economic substitute for phone service. But, it could not be argued that air travel is a replacement for phone service.

Nevertheless, the NPRM is vague on this point. It also suggests that by "replacement" it means "functional substitutability" rather than "economic substitutability". This raises the question of what the NPRM means by the term "functional substitutability". It is not explained or defined in the NPRM, or in the earlier NPRM on IP enabled services. Indeed, the following Google search produces only one web page: site:www.fcc.gov "functional substitutability". That web page is this NPRM.

Fourth, the NPRM reconstructs the relevant unit of analysis. The language of the statute is "a replacement for a substantial portion of the local telephone exchange service" (emphasis added). That is, under the plain meaning of the statute, one must consider whether the service is a replacement. Notwithstanding this language in the CALEA, the NPRM decides that there is a "replacement of any portion of an individual subscriber's functionality" (emphasis added). That is, the FCC decides that the unit of analysis is any individual.

Fifth, the NPRM reconstructs the phrase "local exchange service". The FCC decides that "local exchange service" does not mean "local exchange service". Rather, it means "Internet access" by phone modem.

Sixth, the NPRM reconstructs the structure of the definition of "telecommunications carrier". The NPRM treats the substantial replacement clause as though it were structured as an exception to the information services exclusion. That is, the NPRM treats the substantial replacement clause as though the statute provided that "CALEA requirements apply to services providers who are telecommunications carriers, and not information services providers, except when the services are a substantial replacement ...".

This is not the structure of § 102(8). First, it provides a definition of "telecommunications carrier" (§ 102(8)(A)). It then provides four separate clauses, all of which equally qualify § 102(8)(A). For the purposes of this analysis, only two are relevant. § 102(8)(B)(ii) qualifies the definition of "telecommunications carrier" by including substantial replacements. § 102(8)(C)(i) qualifies the definition of "telecommunications carrier" by excluding information services. The substantial replacement clause does not override or trump the information services clause any more than the information services clause overrides or trumps the substantial replacement clause. The way the statute is structured, substantial replacements and information services are both treated as qualifiers of the underlying definition, and hence, should be understood as mutually exclusive categories.

The result of each of these contorted constructions of clauses in the CALEA is to broader the reach the CALEA's requirements. Taken together, all of these reconstitutions give the FCC a concept of "telecommunications carrier" that is inconsistent with the plain meaning the words drafted by the Congress, that bears little resemblance to the meaning of this term under the Communications Act, and that enables the DOJ and FCC to broadly claim that many things that are telecommunications services, information services, or neither, are subject to CALEA requirements.

Statements by FCC Commissioners. The separate statements of Commissioners reflect varying degrees of unease with the NPRM's substantial replacement analysis.

Kathleen Abernathy, who supported the NPRM, warned in a separate statement [PDF] that "at the end of the day, the federal courts -- rather than this Commission -- will be the arbiter of whether we are authorized to take the actions proposed in this rulemaking, and we must remain mindful of that fact as we consider final rules."

FCC Commissioner Michael Copps was bluntly critical of the substantial replacement analysis. He wrote in a separate statement [PDF] that the NPRM "is flush with tentative conclusions that stretch the statutory fabric to the point of tear. If these proposals become the rules and reasons we have to defend in court, we may find ourselves making a stand on very shaky ground. It would be a shame if our reliance on thin legal arguments results in the CALEA rules being thrown out."

He wrote that "it strains credibility to suggest that Congress intended ``a replacement for a substantial portion of the local telephone exchange´´ to mean the replacement of any portion of any individual subscriber's functionality. Capturing VoIP under the rubric of substantial replacement, ignoring the Ninth Circuit's decision in Brand X, and trying to slice and dice managed and non-managed services is not the way to proceed here."

FCC Commissioner Jonathan Adelstein wrote in a separate statement [PDF] that this NPRM "seizes upon notable but thin distinctions between definitions in CALEA and the Communications Act. Moreover, the item does not acknowledge fully and seek comment on existing precedent that is in tension with the tentative conclusions here. For example, whether or not the Commission ultimately appeals the decision in the Ninth Circuit’s Brand X case, which concluded that broadband access via cable modem includes a ``telecommunications service,´´ this Notice’s failure to seek comment on a legal analysis that would comport with the Circuit’s holding is an unnecessary failing."

Finally, while the NPRM bases its tentative conclusions upon the substantial replacement clause in the CALEA, the NPRM does not close the door to other possible bases. For example, it suggests briefly that the authority to impose CALEA like requirement might be imposed, not by construing the CALEA, but by invoking 47 U.S.C. § 151. The NPRM states that "Section 151 of the Communications Act charges the Commission with carrying out its obligations for a number of stated purposes, including ``for the purpose of the national defense´´ and ``for the purpose of promoting safety of life and property.´´" (See, NPRM at Paragraph 59.)

The House and Senate are in recess through September 6.

9:00 - 11:00 AM. The U.S. Chamber of Commerce will host an event titled "Intellectual Property Rights Roundtable". The speakers will be Nancy Kratzer and David Faulconer of the Department of Homeland Security's (DHS) National Intellectual Property Rights Coordination Center. The U.S. Chamber notice states that "This Event Is NOT Open To The Press."

9:30 AM. John Muleta, Chief of the Federal Communications Commission's (FCC) Wireless Telecommunications Bureau, will hold a briefing. The FCC notice states that this briefing is "for members of the media" and that persons planning to attend should contact Lauren Patrich at 202 418-7944 or lauren.patrich@fcc.gov. Location: FCC, 445 12th Street, SW, Room TW A-402/A-442.

? 1:00 PM. The House Homeland Security Committee will hold a hearing regarding the 9/11 Commission recommendations on information sharing. The witnesses will include Assistant Secretary of Homeland Security, Patrick Hughes. Location: Room 2118, Rayburn Building.

1:30 - 4:00 PM. The Federal Communications Commission's (FCC) WRC 07 Advisory Committee, Informal Working Group 1: Terrestrial and Space Science Services, will meet. See, notice [PDF]. Location: FCC, 445 12th Street, SW, 8th Floor, Room 8-B411 (Conference Room #5).

6:00 - 8:15 PM. The DC Bar Association's Intellectual Property Law Section and Computer and Telecommunications Law Section will host a continuing legal education (CLE) program titled "Introduction to Anti-Spam Laws". The speakers will be Jason Levine (Covington & Burling) and Samuel Kaplan (Department of Justice). Prices vary. See, notice. For more information, contact 202-626-3488. Location: D.C. Bar Conference Center, B-1 Level, 1250 H Street, NW.

RESCHEDULED FOR SEPTEMBER 2. 1:30 - 3:30 PM. The Federal Communications Commission's (FCC) WRC 07 Advisory Committee, Informal Working Group 5: Regulatory Issues, will meet. See, notice [PDF]. Location: The Boeing Company, Arlington, VA. See, rescheduling notice [PDF].

10:00 AM. The Senate Judiciary Committee will hold a hearing titled "The 9-11 Commission and Recommendations for the Future of Federal Law Enforcement and Border Security". The witnesses will include Asa Hutchinson, the Under Secretary for Border and Transportation Security at the Department of Homeland Security. See, notice. Location: Room 226, Dirksen Building.

12:00 NOON - 1:30 PM. The DC Bar Association's International Law Section and Antitrust and Consumer Law Section will host a panel discussion titled "The Reach Of U.S. Antitrust Law After Empagran". The subject will be the U.S. Supreme Court's June 14, 2004 opinion [23 pages in PDF] in F. Hoffmann-La Roche Ltd., v. Empagran, S.A. The speakers will be Steven Mintz (Department of Justice, Antitrust Division), Peter Orszag (Brookings Institution), Elaine Metlin (Dickstein Shapiro), and Jonathan Franklin (Hogan & Hartson). See, notice. Prices vary from $10-$15. For more information, call 202 626-3463. Location: Fried Frank, 1001 Pennsylvania Ave., NW.

6:00 - 9:15 PM. The DC Bar Association's Telecommunications Law Section will host a continuing legal education (CLE) program titled "New FCC Media Ownership Rules Made Simple". The speakers will be Tom Davidson (Akin Gump) and Gregory Masters (Wiley Rein & Fielding). Prices vary. See, notice. For more information, contact 202-626-3488. Location: D.C. Bar Conference Center, B-1 Level, 1250 H Street, NW.

10:00 AM. The House Judiciary Committee's Subcommittee on Commercial and Administrative Law and Subcommittee on the Constitution will hold a joint hearing titled "Privacy and Civil Liberties in the Hands of the Government Post-September 11, 2001: Recommendations of the 9/11 Commission and the U.S. Department of Defense Technology and Privacy Advisory Committee". The witnesses will include Nuala Kelly, Chief Privacy Officer of the Department of Homeland Security. The hearing will be webcast. Location: Room 2141, Rayburn Building.

10:00 AM. The House Financial Services Committee will hold a hearing titled "The 9/11 Commission Report: Identifying and Preventing Terrorist Financing". See, report of the National Commission on Terrorist Attacks Upon the United States (9-11 Commission). Press contact: Peggy Peterson at 202 226-0471. Location: Room 2128, Rayburn Building.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its notice of proposed rulemaking (NPRM) regarding the reporting requirements for U.S. providers of international telecommunications services. This NPRM is FCC 04-70 in IB Docket No. 04-112. See, notice in the Federal Register, May 25, 2004, Vol. 69, No. 101, at Pages 29676 - 29681.

10:30 AM - 12:15 PM. The Federal Communications Commission (FCC) will hold an event titled "Discussion on the Debt Collection Improvement Act Rules and Rules Governing Applications or Other Request for Benefits by Debtors". See, notice [PDF]. Location: FCC, Commission Meeting Room, 445 12th Street, SW.

12:15 PM. The Federal Communications Bar Association's (FCBA) Online Communications Practice Committee will host a brown bag lunch. The topic will be Federal Communications Commission (FCC) and Department of Agriculture (USDA) policies related to deployment of wireless broadband services in rural areas. The speakers will be Peter Corea (Special Counsel, FCC's WTB's Broadband Division) and Chris Moore (USDA). For more info contact Ann Bobeck at abobeck@nab.org. RSVP to Evelyn Opany at evelyn.opany@piperrudnick.com Location: Piper Rudnick, 1200 19th St., NW, 7th Floor.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Notice of Inquiry (NOI) [30 pages in PDF] regarding its annual report to the Congress on the status of competition in the market for the delivery of video programming. See also, story titled "FCC Adopts NOI For Annual Report to Congress on Video Programming" in TLJ Daily E-Mail Alert No. 916, June 11, 2004. This NOI is FCC 04-136 in MB Docket No. 04-227. See also, notice in the Federal Register, July 1, 2004, Vol. 69, No. 126, at Pages 39930 - 39933.

Deadline to submit comments and notices of intention to participate to the Copyright Office regarding ascertainment of controversy for the 2002 cable royalty funds. The CO published a notice in the Federal Register that "directs all claimants to royalty fees collected for calendar year 2002 under the cable statutory license to submit comments as to whether a Phase I or Phase II controversy exists as to the distribution of those fees and announces the deadline for the filing of Notices of Intention to Participate in a royalty distribution proceeding concerning those royalty fees." See, Federal Register, July 26, 2004, Vol. 69, No. 142, at Pages 44548 - 44549.

8/9. The Federal Communications Commission's (FCC) CALEA NPRM [100 pages in PDF], released on August 9, 2004 contains a declaratory ruling that push to talk services are subject to CALEA requirements.

The notice of proposed rulemaking (NPRM) first addresses Commercial Mobile Radio Service (CMRS) providers, or cellular providers. The NPRM states that "CMRS carrier offerings of push-to-talk service that are offered in conjunction with interconnected service to the PSTN, but may use different technologies, are subject to CALEA requirements." (See, NPRM at Paragraph 146.) But, if the push to talk service does not enable connection to someone on the public switched telephone network (PSTN), then it is not subject to CALEA requirements.

The NPRM continues that "We find that whether a CMRS carrier's push-to-talk service offering is subject to CALEA depends on the regulatory definition and functional characteristics of that service and not on the particular technology the carrier chooses to apply in offering it. Therefore, we conclude that regardless of what newer technologies a CMRS carrier may use in its offering of push-to-talk ``dispatch service,´´ it continues to be subject to the requirements of CALEA, if the required definitional element for CMRS service is met, i.e., the delivery of the push-to-talk service is offered in conjunction with interconnected service to the PSTN."

Then the NPRM adds this. "We qualify this approach, however, recognizing that what has been termed ``private dispatch services´´ may be developed or implemented in a manner that raises issues pertaining to the Substantial Replacement Provision. For example, an entity might deploy a seemingly ``private´´ or ``closed´´ push-to-talk services that may satisfy all three prongs of the Substantial Replacement Provision such that this service would be subject to CALEA." (See, NPRM at Paragraph 151.)

There is also a footnote to this paragraph. It provides, in part, "For instance, some wireless push-to-talk offerings being developed will rely on Wi-Fi, combined with VoIP, and unlike CMRS-based push-to-talk that provides the capability of interconnecting to the local exchange network, would not interconnect to the PSTN." (See, NPRM at Footnote 348.)

8/9. The Federal Communications Commission's (FCC) CALEA NPRM [100 pages in PDF], released on August 9, 2004, addresses the Department of Justice's (DOJ) request that certain future services also be subjected to CALEA requirements.

The DOJ's March 10, 2004 petition for rulemaking [83 pages in PDF] included several related requests.

First, the DOJ petition requested that the FCC "require any carrier that believes that any of its current or planned equipment, facilities, or services are not subject to CALEA to immediately file a petition for clarification with the Commission to determine its CALEA obligations." (See, DOJ petition, at page 34.)

The petition also stated that the FCC's rules "should provide that (1) a service that directly competes against a service already deemed to be covered by CALEA is presumptively covered by CALEA pursuant to Section 102(8)(A) of CALEA; (2) if an entity is engaged in providing wire or electronic communication switching or transmission service to the public for a fee, the entity is also presumptively covered by CALEA pursuant to Section 102(8)(A) of CALEA; and (3) a service currently provided using any packet-mode technology and covered by CALEA that subsequently is provided using a different technology will presumptively continue to be covered by CALEA." (See, DOJ petition, at page 33.)

Numerous commenters strongly criticized some or all of these requests. For example, the Center for Democracy and Technology (CDT) wrote in its comment [PDF] (at page 29) that, "To put it bluntly, this is nonsensical. The statute places no burden on any carrier to prove that its service is not subject to CALEA before going forward with a new technology -- that would be a hyper-regulatory burden of the worst kind. Moreover, the plain terms of CALEA state exactly the opposite."

Similarly, the ISP CALEA Coalition wrote in its comment [PDF] (at page 32) that "This suggestion is breathtaking, both in its contradiction of Congress's plain instructions and in the devastating impact it would have on innovation and on the competitive position of U.S. companies in international technology markets. Such a regulatory pre-approval process would impose the cost of building wiretap capabilities into new technologies even before it is clear whether they will succeed, as well as the substantial costs of delay in fast-moving technology markets – and these costs would be particularly damaging for the small and start-up companies that have historically driven much of technological innovation."

The NPRM does not grant the DOJ its requests. This is one of the few significant items requested by the DOJ that the FCC denied.

The NPRM, citing both of the above quoted sections of the DOJ's petition, states that "We tentatively conclude that it is unnecessary for us to adopt Law Enforcement's proposal regarding the identification of future services and entities subject to CALEA." (See, NPRM at Paragraph 60.)

However, the CDT, ISP CALEA Coalition, and other opponents of the future services proposals may only have won a pyrrhic victory.

The reason is that the NPRM's analysis of the substantial replacement clause of the CALEA attaches a new meaning to that clause that is so broad that it could enable the DOJ and FCC to sweep many varieties of new applications, services and technologies into the scope of the CALEA. It is also sufficiently vague that many providers will not know from the statute and the FCC's rules whether they are subject to CALEA requirements.

There is also the statement in the NPRM that the FCC need not create a new procedure for applying to the FCC, because "providers of new services may avail themselves of existing Commission procedures to seek clarification as to whether they are covered under CALEA." (See, NPRM at Paragraph 61.) Moreover, there is the suggestion elsewhere in the NPRM that the FCC assume an enforcement role.

In short, the substantial replacement analysis, if incorporated into the final order, would hang the sword of Damocles above the heads of investors, developers and providers of new information services. The only way to remove this threat would be to petition the FCC in advance for license to develop a product. And this is, in essence, what the DOJ sought with it future services requests.

8/9. The Federal Communications Commission's (FCC) CALEA NPRM [100 pages in PDF], released on August 9, 2004, contains a proposal regarding the processing of court orders, the installation of surveillance equipment, the operation of surveillance activities, and other activities related to carrying out surveillance and intercepts. The NPRM suggests that carriers and service providers rely upon a new category of service provider to perform these functions. The NPRM seeks comment on this, but does not indicate how the rules contained in a final order might implement this proposal.

Summary of NPRM Proposal. The NPRM includes a section that suggests that it will not be the telecommunications carriers and information services providers who will intercept the calls and data for which the law enforcement agencies (LEAs) have obtained court orders. Rather, third party providers will access the calls and data, analyze it, process it, and deliver it to the LEAs. (See, NPRM at Paragraphs 1 and 69-76.)

The NPRM states that "We seek comment on ... the feasibility of carriers relying on a trusted third party to manage their CALEA obligations and to provide to law enforcement agencies (``LEAs´´) the electronic surveillance information they require in an acceptable format." (See, NPRM at Paragraph 1.) The NPRM further states that this provider "manages the intercept process", and that this provider would "analyze the data and provide a LEA with only that information to which it is entitled". (See, NPRM at Paragraph 69.)

The NPRM also offers a rationale for the use of these private intercept management providers. They "would be an efficient method to extract information from packets" and they "might provide economies of scale for small carriers". (See, NPRM at Paragraph 72.)

This is a point that both VeriSign and Fiducianet make in their filings with the FCC. They have not made public any significant financial data regarding costs and prices. Nevertheless, their argument is that a small service provider could spend hundreds of thousands of dollars on purchasing and installing equipment, and more for employee training and time, even though it might only rarely be called upon by LEAs to conduct intercepts.

Alternatively, a company that specializes in intercepts, and is familiar with LEA procedure, could install equipment on a service provider's premises, that the company would access remotely, to manage the interception requested by LEAs. The capacity would be scaled to that service provider's size. These private intercept management providers would bill the information service providers (and especially small providers) much less than they would spend if they were to manage their own intercepts. See for example, VeriSign's original comment [15 pages in PDF], ex parte paper [22 pages in PDF], and reply comments [8 pages in PDF] and Fiducianet's ex parte notice [PDF].

Also, while the proponents of this proposal are private companies, the NPRM adds that these private intercept management providers "could be owned by the packet service provider or Law Enforcement, or it could be an independent surveillance service provider who contracts with individual carriers." (See, NPRM at Paragraph 75.)

The NPRM uses the term "trusted third party" repeatedly in this section. Although, it once uses the term "independent surveillance service provider". The companies that have ambitions to develop this industry, such as VeriSign and Fiducianet, tend to use the term "service bureau". Neither the term "trusted third party" nor the term "service bureau" carries much descriptive content. This series of articles uses the term "private intercept management provider" because it is descriptive of the entities that would perform this function.

The DOJ Petition Did Not Make This Request. Most of what is in the NPRM is a reaction to requests included in the DOJ's petition for rulemaking. The NPRM gave the DOJ some of what it requested. It gave it alternative or similar relief in some instances. It also denied some DOJ requests. This item in the NPRM is notable because the DOJ did not ask for this section in its original petition for rulemaking [83 pages in PDF] or reply comments [61 pages in PDF].

Moreover, while the DOJ has been holding ex parte meetings with FCC personnel since last summer, its ex parte notices in this and other proceedings do not reflect that the DOJ has asked for this. Finally, to the limited extent that TLJ has spoken with FCC personnel who have been present at various of these meetings, they have stated either that they will not discuss ex parte meetings, or that the DOJ has not taken a position on the use of private intercept management providers at these meetings.

On the one hand, the DOJ could simply be relying upon these companies, and their profit motive, to conduct the lobbying of the FCC on this issue. Moreover, it may be significant that Mike Warren, the President of Fiducianet, was until recently a long time employee of the DOJ's Federal Bureau of Investigation (FBI). He worked in its CALEA unit.

In addition, these private intercept management providers could turn out to be more supportive of the LEAs than the carriers' and information service providers' internal staff would be. This would give the DOJ cause for supporting this item in the NPRM.

Also, the financial incentives could work in favor of the DOJ. While carriers currently receive payment for intercepts, it costs them more than they receive. Intercepts are a money losing proposition for carriers. Hence, they have no financial incentive to do more of them, or any of them. But, if the intercept management function were separated from the provision of information services, with the intercept management provider being paid by the information services provider at a market based price, the intercept management provider would benefit from performing more intercepts. It would have a financial incentive to conduct more intercepts. This could result in LEAs encountering less resistance from private intercept management providers than from the carriers and information services providers.

On the other hand, these private intercept management providers, in order to win clients, may have to be responsive to their interests. They could develop as more effective counterweights to overzealous LEAs than would small information service providers acting individually.

This Proposal Could Change the Structure of Surveillance. This proposal to use private intercept management providers, if implemented, could change the structure of surveillance.

There are now two types of entities involved in the wiretap process -- LEAs and telecommunications carriers. LEAs seek information, get court orders, and then serve them upon the telecommunications carriers that maintain the networks.

This NPRM proposes a third category of entity in the surveillance process. It add private companies, such as VeriSign and Fiducianet, that would provide "intercept management".

Also, as more criminals and terrorists adopt new information services, surveillance of these activities will increase, thus making information services providers a fourth major category of entity active in the surveillance system.

Data on wiretaps suggest that there is still very little interception involving information services. For example, on April 30, 2004, the Administrative Office of the United States Courts released its 2003 annual report [10 pages in PDF] on interception of phone, oral and electronic communications. This report only addressed Title III wiretaps, which also include accessing the content of e-mail transmissions. It states that "1,442 intercepts authorized by federal and state courts were completed in 2003". It further states that 49 authorizations pertained to "Electronic wiretaps". It adds that "32 of these involved electronic pagers, 12 involved computers, and 5 involved other electronic devices such as fax machines". The report also addresses encryption. It states that "In 2003, no instances were reported of encryption being encountered on federal wiretaps. One state jurisdiction reported that encryption was encountered in a wiretap terminated in 2003; however, the encryption was reported to have not prevented law enforcement officials from obtaining the plain text of communications intercepted."

Law enforcement, including investigation, surveillance, and collection of evidence of crimes, is one of the core governmental functions of any nation or state, regardless of how market oriented it might be. This NPRM proposes to shift functions that are essentially governmental to private companies.

Some groups have argued that there is a larger trend in the structure of surveillance towards privatization, and that it has potentially harmful consequences. For example, the ACLU just released a paper [38 pages in PDF] titled "The Surveillance-Industrial Complex: How the American Government is Conscripting Businesses and Individuals in the Construction of a Surveillance Society" that cautions about an ongoing trend of privatization of surveillance. It was written just before the FCC released its CALEA NPRM, and hence, does not include a section on the NPRM.

The ACLU may or may not be on point in all of its arguments.

Nevertheless, there is currently a broad array or statutory rules, regulations, and caselaw that define, for the LEAs and telecommunications carriers what their roles in the surveillance process are, what they are allowed to do, what they are prohibited from doing, and how they can be penalized for breaking the rules. This legal framework is constructed with LEAs and telecommunications carriers in mind. In contrast, there is currently no legal framework that would apply to these new private intercept management providers. Nor does the NPRM propose to construct such a framework.

The NPRM, at the very end of its section on intercept management adds a single sentence that asks for comments, but only about the "privacy and security" related implications of using these new  private intercept management providers" (See, NPRM at Paragraph 76.)

Abuse of Surveillance Powers. The legal regime regulating the searches, seizures, wiretaps and other surveillance, of which the CALEA is just one part, builds in safeguards to decrease the likelihood that surveillance powers will be abused.

The interception of communications can entail the acquisition of very private information. Abuse of interception authority, and illegal interception can cause substantial harm to the persons whose conversations are intercepted, and the business or organizations for which they work.

To date, almost all interception has involved merely the content of two person conversations, and acquiring phone numbers. Moreover, the content of calls is acquired as voice in analog format. Someone can listen to it, transcribe it, and read it.

In contrast, the development of new information services means that far more than voice conversations are traveling over networks. There is also substantial data -- financial data, proprietary information of business, medical records, and other things not previously contained within phone conversations. Moreover, much data is stored, and hence available for seizure for a long time. Finally, the data is digital, and often in formats that make it readily searchable, and easily merged with other collections of data. This means that the amount of information that is becoming available through searches and seizures is growing rapidly, that the uses to which it can be put is growing rapidly, and hence, that the extent of the potential harm that could result form improper or illegal searches and seizures is growing rapidly.

One might speculate that this development may lead the Congress to create increased protections and safeguards against abuse of search, seizure, surveillance, and intercept powers. However, the NPRM's suggestions regarding private intercept management providers would tend to have just the opposite affect -- decreasing the protections and safeguards.

There are several checks upon LEAs. First, LEAs are staffed by career sworn law enforcement officers who tend to take the laws that they are sworn to uphold very seriously. Second, laws limit who within LEAs may seek orders for wiretaps. In this case of the DOJ, 18 U.S.C. § 2516 limits this authority to a small group of ranking officials. Third, laws limit the crimes which may serve as a predicate offense for issuance of a wiretap order. For the DOJ, this is codified at 18 U.S.C. § 2516. Fourth, the request to conduct a wiretap must be approved by an impartial federal judge.

Fifth, there is the principle of suppression of evidence. LEA personnel are largely motivated by a desire to catch criminals and put them in jail. They need evidence that can be admitted at a trial to do this. However, evidence that is illegally obtained, such as by an illegal wiretap, can be suppressed, and thereby rendered inadmissible at trial. Moreover, evidence collected as a result of an illegal search can also be suppressed. In the case of wiretaps, this is codified at 18 U.S.C. § 2515. Perhaps nothing upsets prosecutors and law enforcement officers more than watching a criminal whom they have caught and charged walk out the front door of the courthouse as a result of the suppression of critical evidence.

These checks are largely effective in keeping LEAs in line. However, they would not apply in the same manner to private intercept management providers. The employees of these companies will not be sworn law enforcement officers with the esprit of these professionals. Nor will they be motivated by worries about the suppression of evidence. The companies will be paid regardless of whether the fruits of the surveillance are used or are useable in court. Their motive is profit maximization.

There are also checks upon telecommunications carriers. First, they have no profit motive in conducting intercepts because they loose money on intercepts. In contrast, the private intercept management providers will make more money the more intercepts there are.

Second, telecommunications carriers have a stronger incentive to protect the privacy and security of their own customers than the private intercept management providers would.

Third, there are statutory restrictions on what telecommunications carriers can do. There is, for example, 47 U.S.C. § 605, which prohibits the unauthorized publication or use of communications. This applies to entities that are telecommunications carriers within the meaning of the Communications Act. However, the FCC's analysis in the substantial replacement section of the NPRM tentatively concludes that certain information services providers are telecommunications carriers within the meaning of the CALEA, but not within the meaning of the Communications Act. The consequence of such a distinction could be that these information services providers (and their agents, the private intercept management providers) are regulated by the CALEA, but not by Section 605.

Fourth, there is 18 U.S.C. § 2511, which criminalizes illegal wiretaps. This section applies equally to LEAs, telecommunications carriers, information services providers, and private intercept management providers. However, with the increasing use of services that provide for storage of communications and other electronic data held by a third party, the utility of Section 2511 in constraining abuse of electronic surveillance powers is decreasing.

For example, in the case of e-mail, Section 2511 appears to cover electronic transmission of e-mail, but not the electronic storage of e-mail. Thus, an e-mail service provider or private intercept management provider that improperly accesses stored e-mail could not be sued or prosecuted under Section 2511.

This is what the U.S. Court of Appeals (1stCir) held in USA v. Bradford Councilman. On June 29, 2004 the Court of Appeals issued its split opinion that there was no violation of Section 2511 when stored e-mail is accessed, because, since it was in storage, there is no interception within the meaning of the statute. See, story titled "1st Circuit Holds Wiretap Act Does Not Apply to E-Mail in Storage" in TLJ Daily E-Mail Alert No. 930, July 1, 2004.

Also, bills have already been introduced in the Congress that would address the holding in Councilman. See, stories titled "Rep. Nadler Introduces Bill to Criminalize Accessing Stored E-Mail" and "Rep. Inslee Introduces E-mail Privacy Act" in TLJ Daily E-Mail Alert No. 950, August 2, 2004.

There is also the sections of the Criminal Code pertaining to stored communications. However, these are more effective as a restraint on third parties, than as a restraint on LEAs and the entities that store the data. For example, the prohibitions of 18 U.S.C. § 2701 exempt the service provider. The provisions of 18 U.S.C. § 2702 contain exemptions for LEA related activities.

In conclusion, by promoting the development of private intercept management providers, the FCC is shifting a core governmental law enforcement activity to a new category of entity that is largely unconstrained by the factors that keep the LEAs in check. It is also shifting authority to entities that lack the same incentives as the telecommunications carriers and information services providers to protect the privacy and security of the customer.

Moreover, in the case of stored communications and stored data, the law arguably provides insufficient checks upon the activities of not only private intercept management providers, but also of the telecommunications carriers and information services providers.

The consequence of all this is that, perhaps, inevitably, the legal regime regulating electronic surveillance will have to be substantially updated. This would require amendment of criminal provisions of Titles 18 and 50. Only the Congress can do this.

The e-mail address for Tech Law Journal has changed. The new address is as follows:

All previous e-mail addresses no longer operate. This new address is published as a graphic to avoid e-mail address harvesting, and the associated spam messages and malicious code messages. If your e-mail system does not display graphics, see notice in TLJ website.

Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for subscribers with multiple recipients. Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998 - 2004 David Carney, dba Tech Law Journal. All rights reserved.