Summary of the FCC's CALEA NPRM |
8/9. The Federal Communications Commission
(FCC) released its
Notice of
Proposed Rulemaking and Declaratory Ruling (NPRM & DR) [100 pages
in PDF] regarding imposing CALEA obligations upon broadband internet access
services and voice over internet protocol (VOIP)
services.
This article reviews some of the highlights of this NPRM. The articles that
follow review in more detail some specific sections of the NPRM. The following
is a list of the titles of articles on this NPRM:
- Summary of the FCC's CALEA NPRM
- Summary of the CALEA NPRM's Tentative Conclusion Regarding Broadband
Internet Access Services
- Summary of the CALEA NPRM's Tentative Conclusion Regarding Certain VOIP
Services
- Summary of the CALEA NPRM's Declaratory Ruling Regarding Push To Talk
Services
- Summary of the CALEA NPRM's Substantial Replacement Analysis
- Summary of the CALEA NPRM's Future Services Analysis
- Summary of the CALEA NPRM's Private Intercept Management Provider Proposal
The NPRM is 100 pages, single spaced, with 426 footnotes. This article, and
the articles that follow, do not review everything that is in this NPRM. The
NPRM also addresses the obligations that the CALEA imposes upon
telecommunications carriers and how these might be extended to information
services, the CALEA's safe harbor standards, the application of the CALEA to
satellite networks, and cost and cost recovery.
The FCC issued this NPRM in response to the
petition for
rulemaking [83 pages in PDF] submitted on March 10, 2004 by the
Department of Justice (DOJ) and two of its
components. The 1994
Communications Assistance for Law Enforcement Act (CALEA) requires
telecommunications carriers to "shall ensure that its equipment, facilities, or
services that provide a customer or subscriber with the ability to originate,
terminate, or direct communications are capable of expeditiously isolating and
enabling the government ... intercept, to the exclusion of any other
communications, all wire and electronic communications carried by the carrier
..."
In other words, the CALEA provides that telecommunications carriers must design
their equipment and networks to facilitate lawfully conducted wiretaps and other intercepts.
Statutes other than the CALEA address what intercepts are lawful.
The DOJ petition requested that the FCC, in effect, expand the scope of the CALEA to
also cover broadband service providers, voice over internet protocol (VOIP) service
providers, and others. The DOJ petitioned the FCC to require various entities to design
and modify their networks, hardware, software, and equipment in a manner that enables
the DOJ to more easily intercept VOIP and other internet based communications. See,
story
titled "Summary of DOJ Petition for Rulemaking to Expand the CALEA to Cover
Information Services" in
TLJ Daily E-Mail
Alert No. 873, April 9, 2004.
The FCC adopted, but did not release, this NPRM at its August 4, 2004 meeting. It
released the text on August 9. Comments will be due 45 days after publication of
a notice in the Federal Register. Reply comments will be due 75 days after
publication in the Federal Register. The FCC has not yet published this notice
in the Federal Register.
See also,
story titled "FCC Adopts NPRM and Declaratory Ruling Regarding CALEA
Obligations" in TLJ Daily E-Mail Alert No. 953, August 5, 2004. See also, stories
titled "FCC Legislatively Expands Scope of CALEA Obligations" in TLJ Daily E-Mail
Alert No. 953, August 5, 2004, and "Powell Discusses Brand X Case" in TLJ Daily
E-Mail Alert No. 954, August 6, 2004.
First, this NPRM is not all that it asserts. The NPRM states that it implements
the CALEA. This mischaracterizes much of what is in the NPRM. It makes tentative
conclusions that are more in the nature of legislative amendment of the statute. The
NPRM states that it gives effect to the intent of Congress. This mischaracterizes much
of what is in the NPRM. It makes tentative conclusions that are either contrary to the
intent of the Congress, or that address issues that were not considered by the Congress
when it passed the CALEA in 1994. The NPRM states that it is intended to remove uncertainty
and bring clarity. This NPRM adds uncertainty.
Perhaps the most significant items in this NPRM are the two threshold
tentative conclusions that broadband internet access services (BIAS) and managed
voice over internet protocol (VOIP) are subject to the requirements of the CALEA.
The NPRM's analysis upon which these tentative conclusions are based is also
important. It builds upon the substantial replacement clause in the CALEA's definition
of "telecommunications carrier". The CALEA provides that its requirements
only apply to a "telecommunications carrier", and that its requirements do not
apply to "information services". The substantial replacement clause provides
that certain services provided by certain entities are subject to CALEA
requirements if their service is "a replacement for a substantial portion of the
local telephone exchange service".
The NPRM gives an interpretation to this provision that is inconsistent the plain
meaning of the words that make up this clause. Nevertheless, this interpretation provides
the FCC with the basis for concluding that broadband internet access services (BIAS) and
managed VOIP services are subject to CALEA requirements. But, in addition, this
interpretation does two other things. First, the construction contained in the NPRM so
changes the meaning given to the substantial replacement clause that it will enable the
FCC and DOJ to sweep many other services and applications that are not discussed in the
NPRM into the coverage of the CALEA. Second, this strained construction, as Commissioners
suggested at the August 4 meeting, may provide the
grounds upon which the final rule will be vacated by Court of Appeals.
Next, the NPRM asserts that it rejects the DOJ's requests regarding other and
future services. These requests drew the harshest criticism from commenters.
However, the rejection may be more
illusory than real, because of the NPRM's substantial replacement analysis. That
is, the NPRM's analysis is not simply that BIAS and managed VOIP services are
substantial replacements, and hence subject to CALEA requirements. The NPRM's
analysis is to first give new meaning to the words in the substantial
replacement clause, and then apply this new meaning to BIAS and VOIP
services. Under the NPRM's newly created meaning, BIAS and VOIP services are
found to be substantial replacements.
But, the meaning given to the substantial replacement clause is so inclusive
and open ended, that if it is incorporated into the final order, it will enable
the FCC and DOJ to employ it to accomplish much of what the DOJ had sought with
its future services request.
Next, while the NPRM addresses the threshold questions of whether BIAS and
certain VOIP services are subject to the requirements imposed by the CALEA, the
NPRM does not provide, or propose, details regarding what technologies will be
swept into the CALEA regime. The NPRM states briefly that it "does not propose
attaching CALEA obligations to services or applications that ``ride over´´ the underlying
broadband transmission, such as e-mail storage, web browsing capabilities, and
Internet gaming." Yet, the NPRM goes on to conclude that certain applications
that do "ride over" (a term that the NPRM does not define) the broadband
transmission are subject to CALEA requirements. Moreover, the NPRM does not
even mention most information services, technologies and applications that might
"ride over" broadband transmissions.
The NPRM also contains a significant proposal regarding enforcement. It states
that "We consider whether" the FCC "may take
separate enforcement action against telecommunications carriers, manufacturers
and providers of telecommunications support services that fail to comply with
CALEA." Yet, the statute gives enforcement authority to the judiciary, not the FCC.
Were the FCC to become the arbiter of enforcement disputes, the power of the DOJ
over carriers and providers of information services would be greatly enhanced,
because, as this NPRM demonstrates, the FCC is far more likely to sustain the
enforcement requests of the DOJ than a federal judge.
The NPRM also contains a notable proposal regarding
the processing of court orders, the installation of
surveillance equipment, the operation of surveillance activities, and other
activities related to carrying out surveillance and intercepts. The NPRM
suggests creating a new category of service provider to perform these functions.
The NPRM seeks comment on this, but does not indicate how the rules contained in
a final order might implement this proposal.
Basically, there are now two types of entities involved in the wiretap process
-- law enforcement agencies (LEAs) and telecommunications carriers. LEAs seek information,
get court orders, and then serve them upon the telecommunications carriers that maintain
the networks. This NPRM proposes a third category. It would include private companies,
such as VeriSign and
Fiducianet, that would provide what the NPRM calls
"intercept management". The inclusion of a proposal regarding these private
intercept management providers in this NPRM is significant for several reasons, none of
which are addressed in the NPRM.
First, the DOJ did ask for this section in its original petition or reply comments.
Second, if implemented, the
development of these private intercept management providers would change the
structure of surveillance. In particular, the legal regime regulating the
searches, seizures, wiretaps and other surveillance, of which the CALEA is just
one part, builds in safeguards to decrease the likelihood that surveillance
powers will be abused. These restrictions and rules are directed at LEAs and telecommunications carriers.
However, many of
these restrictions and rules would provide significantly less incentive to
private intercept management providers to play by the rules. This would require
the Congress to step in and write amendments to the various surveillance related
sections of the Criminal Code and Foreign Intelligence Surveillance Act (FISA),
to take into account the new surveillance functions being performed by private
intercept management providers.
It may also be important to note some of the topics that are not addressed by
this NPRM.
First, while the CALEA only applies to a "telecommunications carrier", and
the most important part of this NPRM is its discussion of what it means to be a
"telecommunications carrier", this NPRM has nothing to say about recent court
opinions that address the meaning of "telecommunications carrier". The Brand X
case is acknowledged only in one footnote. (Also, both Commissioners Michael
Copps and Jonathan Adelstein raise it in their separate statements.) The
Vonage case is not mentioned.
October 16, 2003. The
U.S. District Court (DMinn) issued its
Memorandum and Order [PDF] in Vonage v. Minnesota Public Utilities
Commission, holding that VOIP service provider
Vonage is an information service provider,
and that the MPUC cannot apply state laws that regulate telecommunications
carriers to Vonage. The Court wrote that "State regulation would effectively
decimate Congress's mandate that the Internet remain unfettered by regulation."
The conclusion that a VOIP service provider offers an information service,
rather than telecommunications service, would prevent state and federal
government entities from applying rules that apply to telecommunications, such
as those pertaining to the filing of tariffs, cross subsidies, unbundling,
wiretapping and other electronic surveillance by the FBI and other law
enforcement agencies, and 911. See also,
story
titled "District Court Holds that Vonage's VOIP is an Information Service" in
TLJ Daily E-Mail
Alert No. 760, October 17, 2003.
On October 6, 2003 the U.S. Court of
Appeals (9thCir) issued its
opinion
[39 pages in PDF] in Brand X Internet Services v. FCC, vacating the FCC's
declaratory ruling that cable modem service is an information service, and that
there is no separate offering as a telecommunications service. See also,
story
titled "9th Circuit Vacates FCC Declaratory Ruling That Cable Modem Service is
an Information Service Without a Separate Offering of a Telecommunications
Service" in TLJ
Daily E-Mail Alert No. 754, October 7, 2003.
The position taken in this NPRM, which is supported by the three Republican
members of the FCC, is that "telecommunications carrier" has one meaning in the
context of the Communications Act, and an entirely different, and inconsistent
meaning, in the context of the CALEA. The Brand X and Vonage cases
are not CALEA related disputes.
Second, there are two preliminary issues upon which the NPRM does not seek
comment. The DOJ petition, as well as comments and reply comments reveal that
there is considerable factual dispute over these issues. There is the issue of
whether telecommunications carriers and information service providers are now
capable of providing the intercept capabilities for new technologies, and are
complying with lawful intercept orders. The DOJ and other LEAs argued that
service providers are not providing capabilities, and evidence is being lost. On
the other side, many carriers and services providers vehemently disputed these
allegations in their comments.
There is also the issue of the extent to which new information services are
harming efforts by LEAs. The DOJ and other LEAs argued that their efforts are
suffering. On the other side, a few commenters argued the opposite, that new
technologies now enable law enforcement to obtain more information, and do more
with it. The PSTN provided the LEAs with access to conversations, while new
technologies also enable the transfer, and hence interception, of large
quantities of data. New technologies also electronically store communications
that the PSTN never stored. Finally, new information technologies enable LEAs to
electronically store, analyze and access the data that it obtains.
The NPRM notes in passing that some commenters disputed that they are not
facilitating lawful intercept orders. The NPRM does not address whether or not
new information technologies also further LEA's efforts.
The NPRM merely states that "Advances in technology, however,
most notably the introduction of digital transmission and processing techniques
and the proliferation of wireless and Internet services, such as broadband
access services, have challenged the ability of LEAs to conduct lawful
surveillance." The NPRM makes no findings, and does not ask for any comments,
regarding these two disputed preliminary issues.
It appears that the FCC has decided these two issues in favor of
the DOJ without so stating.
Finally, this is a permit-but-disclose notice and comment rule making
proceeding. This NPRM is FCC 04-187 in ET Docket No. 04-295 and RM-10865.
|
|
|
Summary of the CALEA NPRM's
Tentative Conclusion Regarding Broadband Internet Access Services |
8/9. The Federal Communications
Commission's (FCC) CALEA
NPRM
[100 pages in PDF], released on August 9, 2004, tentatively concludes that
"facilities-based providers of any type of broadband Internet access service,
whether provided on a wholesale or retail basis, are subject to CALEA". (See,
NPRM at Paragraph 1.)
The notice of proposed rulemaking (NPRM) elaborates that "we tentatively conclude
that facilities-based providers of any type of broadband Internet access, including but
not limited to wireline, cable modem, satellite, wireless, and broadband access via the
powerline, whether provided on a wholesale or retail basis, are subject to CALEA ...
because they provide replacement for a substantial portion of the local telephone exchange
service used for dial-up Internet access service and such treatment is in the public
interest. We base this belief on our reading of CALEA and its legislative history as well
as the record thus far." (Footnotes omitted. See, NPRM at Paragraph 47.)
The NPRM also suggests, and seeks public comment on, the position that certain
providers of broadband internet access services (BIAS) should not be subject to
Communications
Assistance for Law Enforcement Act (CALEA) requirements. The NPRM states that
"There may exist discrete groups of entities for which the public interest may not
be served by including them under the Substantial Replacement Provision. ... For
example, entities that deploy broadband capability to consumers in underserved
areas may fall in this category because of the potential deterrent effect it
could have on deployment in particular circumstances (negatively impacting the
first and second factors, i.e., protecting competition and encouraging the
development of new technologies). Small businesses that provide wireless
broadband Internet access to rural areas may be one example". (Footnotes
omitted. Parentheses in original. See, NPRM at Paragraph 49.)
Thus, the NPRM addresses the threshold question of whether providers of BIAS,
with certain possible exceptions for providers in underserved and rural areas, are
subject to the requirements imposed by the CALEA.
Beyond this, the NPRM does not provide, or propose, details regarding what technologies
will be included within the CALEA regime. It asks for comments on these details.
The NPRM states briefly that it "does not propose
attaching CALEA obligations to services or applications that ``ride over´´ the underlying
broadband transmission, such as e-mail storage, web browsing capabilities, and
Internet gaming." (See, NPRM at Paragraph 51.) The NPRM does not define or
discuss the meaning of the term "ride over".
Almost all current internet based services and applications that might be construed
to "ride over" the broadband transmissions are not addressed in the NPRM. The
NPRM makes no mention of online shopping, e-commerce, auction web
sites, interactive computer services, and other services and applications.
On the other hand, the NPRM does tentatively conclude that certain VOIP
services are subject to CALEA requirements. VOIP services are an application that
"rides over" the broadband transmissions. Similarly, the NPRM declares that
push to talk is subject to CALEA requirements. Currently, push to talk is being provided
by cellular phone companies. However, it is likely at some point that push to talk
functionality will be provided as an internet protocol service. The NPRM is written broadly
to cover this application that "rides over".
The NPRM mentions e-mail in the above quoted Paragraph 51. There are other
mentions of e-mail in this paragraph. There is also a reference to e-mail in the
NPRM's section on VOIP. It reads, "We make clear that we do not, however,
solicit comment on packet-based or broadband services that are clearly excluded
from CALEA such as electronic mail." (See, NPRM at Footnote 168.)
Thus, e-mail is barely discussed. And, to the extent that it is, the NPRM
states that it is "excluded from CALEA", and that the NPRM "does not propose
attaching CALEA obligations to ... e-mail storage".
The Department of Justice (DOJ) has made clear
in the hearings before the Congress, and in the context of pending legislation, that it
is very concerned about intercepting e-mail. Indeed, at the request of the DOJ, the Congress
included in the USA PATRIOT Act a section that amended the pen register and trap and trace
language of Title 18. (See, § 216 of
HR 3162 in
the 107th Congress.) It previously allowed law enforcement agencies (LEAs) to obtain
incoming and outgoing phone numbers dialed or punched by phone users. The PATRIOT Act
broadened the provision to include addressing and routing information in electronic
communications, such as e-mail TO: and FROM: lines. Moreover, the FBI's
Carnivore was designed with e-mail in mind.
The DOJ also wrote in its
petition for
rulemaking [83 pages in PDF] to the FCC that the 1986 Electronic Communications
Privacy Act (ECPA) expanded the scope of lawful intercepts to include electronic
communications including e-mail, and that the 1994 CALEA was intended to enable LEAs to
conduct their lawful intercepts. (See, DOJ Petition at Pages 2-3.) In addition, the DOJ
wrote that the legislative history of the CALEA makes clear that Congress intended that
e-mail in transit is subject to CALEA requirements. (See, DOJ Petition at Page 27.)
Hence, it is clear that the DOJ is interested in intercepting e-mail
communications -- both content and addressing information -- and believes that
this is subject to CALEA requirements.
Perhaps it is important to note both that the NPRM's brief treatment of e-mail
includes the qualification of "storage", and the DOJ treatment of e-mail includes
the word "transmission". Perhaps the direction that the FCC intends to take
is that the interception of e-mail in transit is subject to the requirements of
the CALEA, but that e-mail in storage is not. But then, accessing stored e-mail
does not present the technological problems that intercepting e-mail does. The
DOJ does not need the CALEA to make accessing stored e-mail easier. Whatever the
case, the NPRM is vague, and seeks comments.
In conclusion, if the NPRM contemplates that certain VOIP, IP based push to
talk, and e-mail in transit will all be subject to CALEA requirements, just what does
the NPRM mean when it states that CALEA obligations do not extend to "applications
that ``ride over´´ the underlying broadband transmission"? The NPRM does not explain.
The NPRM concludes its discussion of this subject with the following: "We seek comment
on this analysis."
Finally, there is a key footnote in this section, that states that schools,
libraries, hotels and coffee shops may not be subject to CALEA requirements. It states
that "We note that establishments acquiring broadband Internet access to permit their
patrons to access the Internet do not appear to be covered by CALEA (assuming they were
otherwise ``telecommunications carriers´´ under CALEA). Examples of these entities include
schools, libraries, hotels, coffee shops, etc." (Parentheses in original. See,
NPRM at Footnote 133.)
This footnote continues that "The underlying facilities-based broadband
transmission providers that sell the broadband access service to these establishments
to enable Internet access for their patrons would, however, be responsible for CALEA
obligations under our tentative conclusion and thus Law Enforcement's needs would be
addressed through these providers." (See, NPRM at Footnote 133.)
|
|
|
Summary of the CALEA NPRM's Tentative
Conclusion Regarding Certain VOIP Services |
8/9. The
Federal Communications Commission's (FCC) CALEA
NPRM
[100 pages in PDF], released on August 9, 2004, tentatively concludes that
"``managed´´ Voice over Internet Protocol (``VoIP´´) services are subject to
CALEA". (See, NPRM at Paragraph 1.)
The notice of proposed rulemaking (NPRM) elaborates that "We tentatively
conclude that providers of managed VoIP services, which are offered to the general
public as a means of communicating with any telephone subscriber, including parties
reachable only through the PSTN, are subject to CALEA." It bases this conclusion
upon the substantial replacement clause of the CALEA. (Footnotes omitted. See, NPRM at
Paragraph 56.)
The NPRM also tentatively concludes that "providers of non-managed, or
disintermediated, communications should not be subject to CALEA". It adds that these
"Non-managed VoIP services" include "peer-to-peer communications and voice
enabled Instant Messaging". (See, NPRM at Paragraph 58.)
The NPRM seeks comments on this approach.
There is much to be clarified in this rule making process. The NPRM does not
define the term "managed VOIP services". Nor does it explain the dichotomy of
managed and non-managed services. The NPRM, taken literally, applies the term
"managed" to any service that enables users to reach any phone subscriber.
For practical purposes, this would be the capacity to reach a wireline or cellular phone
on the PSTN.
The Department of Justice (DOJ) petitioned
the FCC with a vastly different concepts of "managed" and "mediator"
in mind. The DOJ's petition
for rulemaking [83 pages in PDF] references the terms "managed" VOIP services
"mediator", in a lengthy footnote. (See, DOJ petition, footnote 39, at pages
16-17.)
The DOJ wrote that a mediated VOIP service is one that is provided by "an
entity that both provides the broadband access service that enables the
telecommunications ... and acts as a mediator that provides any connection
management". This might include a VOIP service offered as part of a cable
company's broadband internet access package.
The NPRM, in contrast, does not associate the words managed or mediated with
the concept of providing the underlying broadband internet access service.
The DOJ also wrote that "A stand-alone broadband telephony service provider
includes entities that do not offer broadband access but do provide fully- or
partially-managed broadband telephony service. Stand-alone broadband telephony
service providers own or lease transmission facilities in order to manage
quality of service and are thereby responsible to the customer for the transport
of packets." The DOJ argued that both of these types of services, as well as
others, should be subjected to CALEA obligations.
The NPRM tentatively rejects the DOJ's proposed approach. It states that "We
tentatively decline to adopt Law Enforcement’s recommendation of basing
statutory classifications on proposed ``business models.´´ We have strong
concerns that such a regulatory approach could be easily circumvented and could
adversely affect innovation by giving VoIP service providers a regulatory
incentive (rather than a business or technical incentive) to design their
services to avoid falling within one of the covered business models.
Nevertheless, we invite comment on the proposed models and on the business model
approach generally." (Parentheses in original. See, NPRM at Paragraph 57.)
The NPRM is not clear on the regulatory treatment of a service or
application provider who does not own broadband internet access facilities, but
does enable subscribers or users to communicate with a device on the PSTN. Under
a literal reading of Paragraph 56 of the NPRM, this provider would be subject to
CALEA requirements. But, such a conclusion would arguably be inconsistent with
Paragraph 51 of the NPRM, which states that the NPRM "does not propose
attaching CALEA obligations to services or applications that ``ride over´´ the
underlying broadband transmission".
|
|
|
Summary of the CALEA NPRM's Substantial
Replacement Analysis |
8/9. The Federal Communications Commission's (FCC)
CALEA NPRM
[100 pages in PDF], released on August 9, 2004 tentatively concludes that
broadband internet access services (BIAS) and certain voice over internet
protocol (VOIP) services are subject to the requirements of the CALEA. To reach these
conclusions the NPRM had to surmount two substantial obstacles to such
conclusions. First, the CALEA provides that it only imposes obligations upon a
"telecommunications carrier". Second, it provides that it does not impose
obligations upon information services. The CALEA does, however, contain a clause
pertaining to substantial replacement that forms the entire basis of the NPRM's
tentative conclusions.
The Statute. § 102(8) of the
Communications
Assistance for Law Enforcement Act (CALEA), which is codified at
47 U.S.C. § 1001(8),
provides the following definition of "telecommunications carrier".
(8) The term ``telecommunications carrier''--
(A) means a person or entity engaged in the transmission or switching of
wire or electronic communications as a common carrier for hire; and
(B) includes--
(i) a person or entity engaged in providing commercial mobile service (as
defined in section 332(d) of this title); or
(ii) a person or entity engaged in providing wire or electronic
communication switching or transmission service to the extent that the
Commission finds that such service is a replacement for a substantial
portion of the local telephone exchange service and that it is in the public
interest to deem such a person or entity to be a telecommunications carrier
for purposes of this chapter; but
(C) does not include--
(i) persons or entities insofar as they are engaged in providing
information services; and
(ii) any class or category of telecommunications carriers that the
Commission exempts by rule after consultation with the Attorney General."
The NPRM's Substantial Replacement Analysis. The notice of proposed
rulemaking (NPRM) focuses on
the clause found at § 102(8)(B)(ii) of the
CALEA.
This clause pertains to something that is a "replacement for a substantial
portion of the local telephone exchange service". The NPRM tentatively concludes
that certain services are just such a replacement.
More specifically, the statute, in its definitional section, defines a
"telecommunications carrier" as "a person or entity engaged in the transmission
or switching of wire or electronic communications as a common carrier for hire".
But then, § 102(8)(B)(ii) provides that a "telecommunications carrier" also
"includes ... a person or entity engaged in providing wire or electronic
communication switching or transmission service to the extent that the
Commission finds that such service is a replacement for a substantial portion of
the local telephone exchange service ...".
The plain meaning of this clause presents several impediments to the conclusions in
the NPRM. For example, broadband internet access services, which the the NPRM
tentatively concludes are subject to the CALEA under § 102(8)(B)(ii), enable users
to visit web pages, publish web pages, search the web, make purchases and sales, use
interactive computer services, enter chat rooms, and send and receive e-mail, instant
messages, video messages, and text messages. Moreover, law enforcement surveillance
extends to these activities. If § 102(8)(B)(ii) is understood as it is plainly worded,
then the FCC's tentative conclusion that broadband internet access
service is a "replacement for a substantial portion of the local telephone
exchange service" necessarily implies that activities such as web surfing, online
shopping, and the use of interactive computer services replaces a substantial portion
of old fashioned phone service. This is untenable.
The NPRM therefore gives § 102(8)(B)(ii) a meaning contrary to its plain
meaning. It takes the language, word by word, and phrase by phrase, and applies
meanings to words that are inconsistent with the meaning that those words
possess for persons who speak the English language.
Step by step, this is the interpretation created for § 102(8)(B)(ii) in the
NPRM. (See, NPRM at Paragraphs 42-44.)
First, the NPRM reconstructs the phrase "wire or electronic communication
switching". Switching, the FCC writes, does not actually mean using
"switches", a term that otherwise possesses a clear meaning. Rather, it also
means "routers", notwithstanding the fact that the Congress did not include
the term "routers" in the statute. Moreover, the NPRM asserts that
switching also includes use of any equipment that provides addressing functions on
internet protocol networks.
Second, the NPRM reconstructs the word "substantial". The statute requires
that there be a "a replacement for a substantial portion". Substantial is a high
standard -- too high to bring broadband internet services within the
scope of § 102(8)(B)(ii). So, the NPRM decides that "substantial" does not mean
"substantial". Rather, it really means "any". (See, NPRM, at
Paragraph 44, sentence 2.)
Third, the NPRM reconstructs the word "replacement". The NPRM decides
that "replacement" may not mean "replacement". Rather, it may mean
"substitutability". The NPRM is vague on this. Nevertheless, the FCC has used
the term substitution, not in its plain sense (as when one quarterback is substituted for
another quarterback), but rather in an economic sense. See for example, the FCC's
notice of proposed rulemaking (NPRM) [97 pages in PDF] regarding regulation
of internet protocol services, including voice over internet protocol (VOIP).
This NPRM is FCC 04-28 in WC Docket No. 04-36. It is also sometimes referred to
as the IP Enabled Services NPRM.
That is, there exists substitutability between two products or services when, if the
price of the one product or service is changed, it affects the demand for the other. Far more
products and services are substitutions for each other than are
replacements for each other. For example, an increase in the price of airline
tickets might increase the demand for phone services, and hence, air travel
services could be an economic substitute for phone service. But, it could not be
argued that air travel is a replacement for phone service.
Nevertheless, the NPRM is vague on this point. It also suggests
that by "replacement" it means "functional substitutability" rather than
"economic substitutability". This raises the question of what the NPRM means by
the term "functional substitutability". It is not explained or defined in the
NPRM, or in the earlier NPRM on IP enabled services. Indeed, the following Google search produces
only one web page: site:www.fcc.gov
"functional substitutability". That web page is this NPRM.
Fourth, the NPRM reconstructs the relevant unit of analysis. The language of
the statute is "a replacement for a substantial portion of the local telephone
exchange service" (emphasis added). That is, under the plain meaning of
the statute, one must consider whether the service is a replacement. Notwithstanding
this language in the CALEA, the NPRM decides that there is a "replacement of any
portion of an individual
subscriber's functionality" (emphasis added). That is, the FCC decides that
the unit of analysis is any individual.
Fifth, the NPRM reconstructs the phrase "local exchange service".
The FCC decides that "local exchange service" does not mean "local exchange
service". Rather, it means "Internet access" by phone modem.
Sixth, the NPRM reconstructs the structure of the definition of
"telecommunications carrier". The NPRM treats the substantial
replacement clause as though it were structured as an exception to the
information services exclusion. That is, the NPRM treats the substantial
replacement clause as though the statute provided that "CALEA requirements apply
to services providers who are telecommunications carriers, and not information
services providers, except when the services are a substantial replacement ...".
This is not the structure of § 102(8). First, it provides a definition of
"telecommunications carrier" (§ 102(8)(A)). It then provides four separate
clauses, all of which equally qualify § 102(8)(A). For the purposes of this
analysis, only two are relevant. § 102(8)(B)(ii) qualifies the definition of
"telecommunications carrier" by including substantial replacements. § 102(8)(C)(i)
qualifies the definition of "telecommunications carrier" by excluding
information services. The substantial replacement clause does not override or
trump the information services clause any more than the information services
clause overrides or trumps the substantial replacement clause. The way the
statute is structured, substantial replacements and information services are
both treated as qualifiers of the underlying definition, and hence, should be
understood as mutually exclusive categories.
The result of each of these contorted constructions of clauses in the CALEA
is to broader the reach the CALEA's requirements. Taken together, all of these
reconstitutions give the FCC a concept of "telecommunications carrier" that is
inconsistent with the plain meaning the words drafted by the Congress, that bears
little resemblance to the meaning of this term under the Communications Act, and that
enables the DOJ and FCC to broadly claim that many things that are telecommunications
services, information services, or neither, are subject to CALEA requirements.
Statements by FCC Commissioners. The separate statements of
Commissioners reflect varying degrees of unease with the NPRM's substantial
replacement analysis.
Kathleen Abernathy,
who supported the NPRM, warned in a
separate statement [PDF] that "at the end of the day, the federal courts --
rather than this Commission -- will be the arbiter of whether we are authorized
to take the actions proposed in this rulemaking, and we must remain mindful of
that fact as we consider final rules."
FCC Commissioner Michael
Copps was bluntly critical of the substantial replacement analysis. He wrote in a
separate statement [PDF] that the NPRM "is flush with tentative conclusions
that stretch the statutory fabric to the point of tear. If these proposals
become the rules and reasons we have to defend in court, we may find ourselves
making a stand on very shaky ground. It would be a shame if our reliance on thin
legal arguments results in the CALEA rules being thrown out."
He wrote that "it strains credibility to suggest that Congress intended ``a
replacement for a substantial portion of the local telephone exchange´´ to mean
the replacement of any portion of any individual subscriber's functionality.
Capturing VoIP under the rubric of substantial replacement, ignoring the Ninth
Circuit's decision in Brand X, and trying to slice and dice managed and
non-managed services is not the way to proceed here."
FCC Commissioner
Jonathan Adelstein
wrote in a
separate statement [PDF] that this NPRM "seizes upon notable but thin
distinctions between definitions in CALEA and the Communications Act. Moreover,
the item does not acknowledge fully and seek comment on existing precedent that
is in tension with the tentative conclusions here. For example, whether or not
the Commission ultimately appeals the decision in the Ninth Circuit’s Brand X
case, which concluded that broadband access via cable modem includes a
``telecommunications service,´´ this Notice’s failure to seek comment on a legal
analysis that would comport with the Circuit’s holding is an unnecessary
failing."
Finally, while the NPRM bases its tentative conclusions upon the substantial
replacement clause in the CALEA, the NPRM does not close the door to other
possible bases. For example, it suggests briefly that the authority to impose
CALEA like requirement might be imposed, not by construing the CALEA, but by
invoking 47 U.S.C. §
151. The NPRM states that "Section 151 of the Communications Act charges the
Commission with carrying out its obligations for a number of stated purposes,
including ``for the purpose of the national defense´´ and ``for the purpose of
promoting safety of life and property.´´" (See, NPRM at Paragraph 59.)
|
|
|
|
Washington Tech Calendar
New items are highlighted in red. |
|
|
Tuesday, August 17 |
The House and Senate are in recess through September 6.
9:00 - 11:00 AM. The
U.S. Chamber of Commerce will host an
event titled "Intellectual Property Rights Roundtable". The speakers
will be Nancy Kratzer and David Faulconer of the Department of Homeland Security's
(DHS) National Intellectual
Property Rights Coordination Center. The U.S. Chamber
notice states that "This Event Is NOT Open To The Press."
9:30 AM. John Muleta, Chief of the
Federal Communications Commission's (FCC)
Wireless Telecommunications Bureau, will hold a briefing. The FCC notice
states that this briefing is "for members of the media" and that persons
planning to attend should contact Lauren Patrich at 202 418-7944 or
lauren.patrich@fcc.gov. Location:
FCC, 445 12th Street, SW, Room TW A-402/A-442.
? 1:00 PM. The House
Homeland Security Committee will hold a hearing regarding the 9/11 Commission
recommendations on information sharing. The witnesses will include Assistant Secretary
of Homeland Security, Patrick Hughes. Location: Room 2118, Rayburn Building.
1:30 - 4:00 PM. The Federal Communications
Commission's (FCC) WRC 07 Advisory
Committee, Informal Working Group 1: Terrestrial and Space Science Services, will meet.
See, notice
[PDF]. Location: FCC, 445 12th Street, SW, 8th Floor, Room 8-B411 (Conference Room #5).
6:00 - 8:15 PM. The DC Bar Association's
Intellectual Property Law Section and Computer and Telecommunications Law Section will
host a continuing legal education (CLE) program titled "Introduction to Anti-Spam
Laws". The speakers will be
Jason Levine
(Covington & Burling) and Samuel Kaplan
(Department of Justice). Prices vary. See,
notice.
For more information, contact 202-626-3488. Location: D.C. Bar Conference
Center, B-1 Level, 1250 H Street, NW.
|
|
|
|
|
Thursday, August 19 |
10:00 AM. The
Senate Judiciary Committee will
hold a hearing titled "The 9-11 Commission and Recommendations for the
Future of Federal Law Enforcement and Border Security". The witnesses
will include
Asa Hutchinson,
the Under Secretary for Border and
Transportation Security at the Department of Homeland Security.
See, notice. Location: Room
226, Dirksen Building.
12:00 NOON - 1:30 PM. The DC Bar
Association's International Law Section and Antitrust and Consumer Law Section
will host a panel discussion titled "The Reach Of U.S. Antitrust Law After
Empagran". The subject will be the U.S. Supreme Court's June 14, 2004
opinion [23 pages in PDF] in F. Hoffmann-La Roche Ltd., v. Empagran,
S.A. The speakers will be Steven Mintz (Department of Justice,
Antitrust Division),
Peter Orszag
(Brookings Institution),
Elaine
Metlin (Dickstein Shapiro), and
Jonathan Franklin (Hogan & Hartson). See,
notice.
Prices vary from $10-$15. For more information, call 202 626-3463. Location:
Fried Frank, 1001 Pennsylvania Ave., NW.
6:00 - 9:15 PM. The DC Bar
Association's Telecommunications Law Section will host a continuing legal education
(CLE) program titled "New FCC Media Ownership Rules Made Simple". The
speakers will be Tom
Davidson (Akin Gump) and
Gregory Masters (Wiley
Rein & Fielding). Prices vary. See,
notice.
For more information, contact 202-626-3488. Location: D.C. Bar Conference
Center, B-1 Level, 1250 H Street, NW.
|
|
|
Friday, August 20 |
10:00 AM. The House Judiciary Committee's
Subcommittee on Commercial and Administrative Law and Subcommittee on the Constitution
will hold a joint hearing titled "Privacy and Civil Liberties in the Hands of the
Government Post-September 11, 2001: Recommendations of the 9/11 Commission and the U.S.
Department of Defense Technology and Privacy Advisory Committee". The witnesses
will include Nuala
Kelly, Chief Privacy Officer of the Department of
Homeland Security. The hearing will be webcast. Location: Room 2141, Rayburn Building.
|
|
|
Monday, August 23 |
10:00 AM. The
House Financial Services
Committee will hold a hearing titled "The 9/11 Commission Report:
Identifying and Preventing Terrorist Financing". See,
report of the
National Commission on Terrorist Attacks Upon
the United States (9-11 Commission). Press contact: Peggy Peterson at 202
226-0471. Location: Room 2128, Rayburn Building.
Deadline to submit reply comments to the Federal
Communications Commission (FCC) in response to its notice of proposed rulemaking
(NPRM) regarding the reporting requirements for U.S. providers of international
telecommunications services. This NPRM is FCC 04-70 in IB Docket No. 04-112. See,
notice in the Federal Register, May 25, 2004, Vol. 69, No. 101, at Pages
29676 - 29681.
|
|
|
Wednesday, August 25 |
10:30 AM - 12:15 PM. The
Federal Communications Commission (FCC) will
hold an event titled "Discussion on the Debt Collection Improvement Act
Rules and Rules Governing Applications or Other Request for Benefits by
Debtors". See,
notice [PDF]. Location: FCC, Commission Meeting Room, 445 12th Street, SW.
12:15 PM. The Federal Communications Bar
Association's (FCBA) Online Communications Practice Committee will host a brown bag
lunch. The topic will be Federal Communications Commission (FCC) and
Department of
Agriculture (USDA) policies related to deployment of wireless broadband
services in rural areas. The speakers will be Peter Corea (Special Counsel, FCC's
WTB's Broadband Division) and Chris Moore (USDA). For more info contact Ann Bobeck at
abobeck@nab.org. RSVP to Evelyn Opany at
evelyn.opany@piperrudnick.com Location:
Piper Rudnick, 1200 19th St., NW, 7th
Floor.
Deadline to submit reply comments to the
Federal Communications Commission (FCC) in response to
its Notice
of Inquiry (NOI) [30 pages in PDF] regarding its annual report to the Congress on the
status of competition in the market for the delivery of video programming. See also, story
titled "FCC Adopts NOI For Annual Report to Congress on Video Programming" in
TLJ Daily E-Mail Alert No. 916, June 11, 2004. This NOI is FCC 04-136 in MB Docket No.
04-227. See also,
notice in the Federal Register, July 1, 2004, Vol. 69, No. 126, at Pages
39930 - 39933.
Deadline to submit comments and notices of intention to
participate to the Copyright Office regarding
ascertainment of controversy for the 2002 cable royalty funds. The CO published a
notice in the Federal Register that "directs all claimants to royalty fees
collected for calendar year 2002 under the cable statutory license to submit comments
as to whether a Phase I or Phase II controversy exists as to the distribution of those
fees and announces the deadline for the filing of Notices of Intention to Participate
in a royalty distribution proceeding concerning those royalty fees." See, Federal
Register, July 26, 2004, Vol. 69, No. 142, at Pages 44548 - 44549.
|
|
|
Summary of the CALEA NPRM's Declaratory
Ruling Regarding Push To Talk Services |
8/9. The Federal Communications Commission's (FCC) CALEA
NPRM
[100 pages in PDF], released on August 9, 2004 contains a declaratory ruling that
push to talk services are subject to CALEA requirements.
The notice of proposed rulemaking (NPRM) first addresses Commercial Mobile
Radio Service (CMRS) providers, or cellular providers. The NPRM states that "CMRS
carrier offerings of push-to-talk service that are offered in conjunction with
interconnected service to the PSTN, but may use different technologies, are subject to
CALEA requirements." (See, NPRM at Paragraph 146.) But, if the push to talk service
does not enable connection to someone on the public switched telephone network (PSTN),
then it is not subject to CALEA requirements.
The NPRM continues that "We find that whether a CMRS carrier's push-to-talk
service offering is subject to CALEA depends on the regulatory definition and functional
characteristics of that service and not on the particular technology the carrier chooses
to apply in offering it. Therefore, we conclude that regardless of what newer technologies
a CMRS carrier may use in its offering of push-to-talk ``dispatch service,´´ it continues
to be subject to the requirements of CALEA, if the required definitional element for CMRS
service is met, i.e., the delivery of the push-to-talk service is offered in conjunction
with interconnected service to the PSTN."
Then the NPRM adds this. "We qualify this approach, however, recognizing that
what has been termed ``private dispatch services´´ may be developed or implemented in a
manner that raises issues pertaining to the Substantial Replacement Provision. For example,
an entity might deploy a seemingly ``private´´ or ``closed´´
push-to-talk services that may satisfy all three prongs of the Substantial
Replacement Provision such that this service would be subject to CALEA." (See,
NPRM at Paragraph 151.)
There is also a footnote to this paragraph. It provides, in part, "For
instance, some wireless push-to-talk offerings being developed will rely on
Wi-Fi, combined with VoIP, and unlike CMRS-based push-to-talk that provides the
capability of interconnecting to the local exchange network, would not
interconnect to the PSTN." (See, NPRM at Footnote 348.)
|
|
|
Summary of the CALEA NPRM's Future Services
Analysis |
8/9. The
Federal Communications Commission's (FCC) CALEA
NPRM
[100 pages in PDF], released on August 9, 2004, addresses the
Department of Justice's (DOJ) request that
certain future services also be subjected to CALEA requirements.
The DOJ's March 10, 2004
petition for
rulemaking [83 pages in PDF] included several related requests.
First, the DOJ petition requested that the FCC "require any carrier that believes
that any of its current or planned equipment, facilities, or services are not
subject to CALEA to immediately file a petition for clarification with the
Commission to determine its CALEA obligations." (See, DOJ petition, at page 34.)
The petition also stated that the FCC's rules "should provide that (1) a
service that directly competes against a service already deemed to be covered by
CALEA is presumptively covered by CALEA pursuant to Section 102(8)(A) of CALEA;
(2) if an entity is engaged in providing wire or electronic communication
switching or transmission service to the public for a fee, the entity is also
presumptively covered by CALEA pursuant to Section 102(8)(A) of CALEA; and (3) a
service currently provided using any packet-mode technology and covered by CALEA
that subsequently is provided using a different technology will presumptively
continue to be covered by CALEA." (See, DOJ petition, at page 33.)
Numerous commenters strongly criticized some or all of these requests. For
example, the Center for Democracy and Technology (CDT)
wrote in its comment
[PDF] (at page 29) that, "To put it bluntly, this is nonsensical. The statute places
no burden on any carrier to prove that its service is not subject to CALEA before going
forward with a new technology -- that would be a hyper-regulatory burden of the worst
kind. Moreover, the plain terms of CALEA state exactly the opposite."
Similarly, the ISP CALEA Coalition wrote in its
comment [PDF] (at page 32) that "This suggestion is breathtaking, both in its
contradiction of Congress's plain instructions and in the devastating impact it would
have on innovation and on the competitive position of U.S. companies in international
technology markets. Such a regulatory pre-approval process would impose the cost of
building wiretap capabilities into new technologies even before it is clear whether
they will succeed, as well as the substantial costs of delay in fast-moving technology
markets – and these costs would be particularly damaging for the small and start-up
companies that have historically driven much of technological innovation."
The NPRM does not grant the DOJ its requests. This is one of the few
significant items requested by the DOJ that the FCC denied.
The NPRM, citing both of the above quoted sections of the DOJ's petition, states
that "We tentatively conclude that it is unnecessary for us to adopt Law
Enforcement's proposal regarding the identification of future services and entities
subject to CALEA." (See, NPRM at Paragraph 60.)
However, the CDT, ISP CALEA Coalition, and other opponents of the future
services proposals may only have won a pyrrhic victory.
The reason is that the NPRM's analysis of the substantial replacement clause
of the CALEA attaches a new meaning to that clause that is so broad
that it could enable the DOJ and FCC to sweep many varieties of new
applications, services and technologies into the scope of the CALEA. It is also
sufficiently vague that many providers will not know from the statute and the
FCC's rules whether they are subject to CALEA requirements.
There is also the statement in the NPRM that the FCC need not create a
new procedure for applying to the FCC, because "providers of new services may avail
themselves of existing Commission procedures to seek clarification as to whether
they are covered under CALEA." (See, NPRM at Paragraph 61.) Moreover, there is
the suggestion elsewhere in the NPRM that the FCC assume an enforcement role.
In short, the substantial replacement analysis, if incorporated into the
final order, would hang the sword of Damocles above the heads of investors,
developers and providers of new information services. The only way to remove
this threat would be to petition the FCC in advance for license to develop a
product. And this is, in essence, what the DOJ sought with it future services
requests.
|
|
|
Summary of the CALEA NPRM's Private Intercept
Management Provider Proposal |
8/9. The Federal Communications
Commission's (FCC) CALEA
NPRM
[100 pages in PDF], released on August 9, 2004, contains a proposal regarding the
processing of court orders, the installation of surveillance equipment, the operation
of surveillance activities, and other activities related to carrying out surveillance and
intercepts. The NPRM suggests that carriers and service providers rely upon a new category
of service provider to perform these functions. The NPRM seeks comment on this, but does
not indicate how the rules contained in a final order might implement this proposal.
Summary of NPRM Proposal. The NPRM includes a section that suggests that it
will not be the telecommunications carriers and information services providers who will
intercept the calls and data for which the law enforcement agencies (LEAs) have obtained
court orders. Rather, third party providers will access the calls and data, analyze
it, process it, and deliver it to the LEAs. (See, NPRM at Paragraphs 1 and 69-76.)
The NPRM states that "We seek comment on ... the feasibility of carriers
relying on a trusted third party to manage their CALEA obligations and to provide to law
enforcement agencies (``LEAs´´) the electronic surveillance information they require in an
acceptable format." (See, NPRM at Paragraph 1.) The NPRM further states that this
provider "manages the intercept process", and that this provider would
"analyze the data and provide a LEA with only that
information to which it is entitled". (See, NPRM at Paragraph 69.)
The NPRM also offers a rationale for the use of these private
intercept management providers. They "would be an efficient method to extract
information from packets" and they "might provide economies of scale for small
carriers". (See, NPRM at Paragraph 72.)
This is a point that both VeriSign and
Fiducianet make in their filings with the FCC.
They have not made public any significant financial data regarding costs and prices.
Nevertheless, their argument is that a small service provider could spend hundreds
of thousands of dollars on purchasing and installing equipment, and more for employee
training and time, even though it might only rarely be called upon by LEAs to conduct
intercepts.
Alternatively, a company that specializes in intercepts, and is
familiar with LEA procedure, could install equipment on a service provider's
premises, that the company would access remotely, to manage the interception
requested by LEAs. The capacity would be scaled to that service provider's size. These
private intercept management providers would bill the information service
providers (and especially small providers) much less than they would spend if
they were to manage their own intercepts. See for example, VeriSign's original
comment [15 pages in PDF],
ex parte paper [22 pages in PDF], and
reply comments [8 pages in PDF] and Fiducianet's
ex parte notice [PDF].
Also, while the proponents of this proposal are private companies, the NPRM adds
that these private intercept management providers "could be owned by the packet
service provider or Law Enforcement, or it could be an independent surveillance service
provider who contracts with individual carriers." (See, NPRM at Paragraph 75.)
The NPRM uses the term "trusted third party" repeatedly in this section.
Although, it once uses the term "independent surveillance service provider". The
companies that have ambitions to develop this industry, such as VeriSign and
Fiducianet, tend to use the term "service bureau". Neither the term "trusted
third party" nor the term "service bureau" carries much descriptive content.
This series of articles uses the term "private intercept management provider"
because it is descriptive of the entities that would perform this function.
The DOJ Petition Did Not Make This Request. Most of what
is in the NPRM is a reaction to requests included in the DOJ's petition for
rulemaking. The NPRM gave the DOJ some of what it requested. It gave it alternative
or similar relief in some instances. It also denied some DOJ requests. This item
in the NPRM is notable because the DOJ did not ask for this section in its original
petition for
rulemaking [83 pages in PDF] or
reply comments [61 pages in PDF].
Moreover, while the DOJ has been holding ex parte meetings with FCC personnel
since last summer, its ex parte notices in this and other proceedings do not reflect that
the DOJ has asked for this. Finally, to the limited extent that TLJ has spoken with FCC
personnel who have been present at various of these meetings, they have stated either that
they will not discuss ex parte meetings, or that the DOJ has not taken a position on the
use of private intercept management providers at these meetings.
On the one hand, the DOJ could simply be relying upon these companies, and
their profit motive, to conduct the lobbying of the FCC on this issue. Moreover,
it may be significant that Mike Warren, the President of Fiducianet, was until
recently a long time employee of the DOJ's Federal
Bureau of Investigation (FBI). He worked in its CALEA unit.
In addition, these private intercept
management providers could turn out to be more supportive of the LEAs than the
carriers' and information service providers' internal staff would be. This would
give the DOJ cause for supporting this item in the NPRM.
Also, the financial incentives could work in favor of the DOJ. While carriers
currently receive payment for intercepts, it costs them more than they receive.
Intercepts are a money losing proposition for carriers. Hence, they have no financial
incentive to do more of them, or any of them. But, if the
intercept management function were separated from the provision of information
services, with the intercept management provider being paid by the information
services provider at a market based price, the intercept management provider would
benefit from performing more intercepts. It would have a financial incentive to
conduct more intercepts. This could result in LEAs encountering
less resistance from private intercept management providers than from the
carriers and information services providers.
On the other hand, these private intercept
management providers, in order to win clients, may have to be responsive to
their interests. They could develop as more effective counterweights to
overzealous LEAs than would small information service providers acting
individually.
This Proposal Could Change the Structure of
Surveillance. This proposal to use private intercept management providers,
if implemented, could change the structure of surveillance.
There are now two types of entities involved in the wiretap process --
LEAs and telecommunications carriers. LEAs seek information, get court orders, and then
serve them upon the telecommunications carriers that maintain the networks.
This NPRM proposes a third category of entity in the surveillance process. It
add private companies,
such as VeriSign and
Fiducianet, that would provide
"intercept management".
Also, as more criminals and terrorists adopt new information services,
surveillance of these activities will increase, thus making information services
providers a fourth major category of entity active in the surveillance system.
Data on wiretaps suggest that there is still very little interception
involving information services. For example, on April 30, 2004, the
Administrative Office of the United States
Courts released its 2003 annual
report [10 pages
in PDF] on interception of phone, oral and electronic communications. This
report only addressed Title III wiretaps, which also include accessing the
content of e-mail transmissions. It states that "1,442 intercepts authorized by
federal and state courts were completed in 2003". It further states that 49
authorizations pertained to "Electronic wiretaps". It adds that "32 of
these involved electronic pagers, 12 involved computers, and 5 involved other
electronic devices such as fax machines". The report also addresses encryption. It
states that "In 2003, no instances were reported of encryption being encountered
on federal wiretaps. One state jurisdiction reported that encryption was
encountered in a wiretap terminated in 2003; however, the encryption was
reported to have not prevented law enforcement officials from obtaining the
plain text of communications intercepted."
Law enforcement, including investigation, surveillance, and collection of
evidence of crimes, is one of the core governmental functions of any nation or
state, regardless of how market oriented it might be. This NPRM proposes to
shift functions that are essentially governmental to private companies.
Some groups have argued that there is a larger trend in the structure of
surveillance towards privatization, and that it has potentially harmful consequences.
For example, the ACLU just released a
paper [38 pages in PDF]
titled "The Surveillance-Industrial Complex: How the American Government is
Conscripting Businesses and Individuals in the Construction of a Surveillance
Society" that cautions about an ongoing trend of privatization of surveillance.
It was written just before the FCC released its CALEA NPRM, and hence, does not include
a section on the NPRM.
The ACLU may or may not be on point in all of its arguments.
Nevertheless, there is currently a broad array or statutory rules, regulations,
and caselaw that define, for the LEAs and telecommunications carriers what their roles
in the surveillance process are, what they are allowed to do, what they are prohibited
from doing, and how they can be penalized for breaking the rules. This legal framework
is constructed with LEAs and telecommunications carriers in mind. In contrast, there is
currently no legal framework that would apply to these new private intercept management
providers. Nor does the NPRM propose to construct such a framework.
The NPRM, at the very end of its section on intercept management adds a
single sentence that asks for comments, but only about the "privacy and
security" related implications of using these new private intercept
management providers" (See, NPRM at Paragraph 76.)
Abuse of Surveillance Powers. The legal regime regulating the searches,
seizures, wiretaps and other surveillance, of which the CALEA is just one part, builds
in safeguards to decrease the likelihood that surveillance powers will be abused.
The interception of communications can entail the acquisition of very private
information. Abuse of interception authority, and illegal interception can cause
substantial harm to the persons whose conversations are intercepted, and the
business or organizations for which they work.
To date, almost all interception has involved merely the content of two
person conversations, and acquiring phone numbers. Moreover, the content of
calls is acquired as voice in analog format. Someone can listen to it,
transcribe it, and read it.
In contrast, the development of new information services means that far more
than voice conversations are traveling over networks. There is also substantial
data -- financial data, proprietary information of business, medical records,
and other things not previously contained within phone conversations. Moreover,
much data is stored, and hence available for seizure for a long time. Finally,
the data is digital, and often in formats that make it readily searchable, and
easily merged with other collections of data. This means that the amount of
information that is becoming available through searches and seizures is growing
rapidly, that the uses to which it can be put is growing rapidly, and hence,
that the extent of the potential harm that could result form improper or illegal
searches and seizures is growing rapidly.
One might speculate that this development may lead the Congress to create increased protections and
safeguards against abuse of search, seizure, surveillance, and intercept powers.
However, the NPRM's suggestions regarding private intercept management providers
would tend to have just the opposite affect -- decreasing the protections and
safeguards.
There are several checks upon LEAs. First, LEAs are staffed by career sworn
law enforcement officers who tend to take the laws that they are sworn to uphold
very seriously. Second, laws limit who within LEAs may seek orders for wiretaps.
In this case of the DOJ,
18 U.S.C. § 2516
limits this authority to a small group of ranking officials. Third, laws limit
the crimes which may serve as a predicate offense for issuance of a wiretap
order. For the DOJ, this is codified at 18 U.S.C. § 2516. Fourth, the request to
conduct a wiretap must be approved by an impartial federal judge.
Fifth, there is the principle of suppression of evidence. LEA personnel are
largely motivated by a desire to catch criminals and put them in jail. They need
evidence that can be admitted at a trial to do this. However, evidence that is
illegally obtained, such as by an illegal wiretap, can be suppressed, and
thereby rendered inadmissible at trial. Moreover, evidence collected as a result
of an illegal search can also be suppressed. In the case of wiretaps, this is
codified at 18 U.S.C.
§ 2515. Perhaps nothing upsets prosecutors and law enforcement officers more
than watching a criminal whom they have caught and charged walk out the front
door of the courthouse as a result of the suppression of critical evidence.
These checks are largely effective in keeping LEAs in line. However, they
would not apply in the same manner to private intercept management providers. The
employees of these companies will not be sworn law enforcement officers with the
esprit of these professionals. Nor will they be motivated by worries about the
suppression of evidence. The companies will be paid regardless of whether the
fruits of the surveillance are used or are useable in court. Their motive is
profit maximization.
There are also checks upon telecommunications carriers. First, they have no
profit motive in conducting intercepts because they loose money on intercepts. In
contrast, the private intercept management providers will make more money the
more intercepts there are.
Second, telecommunications carriers have a stronger incentive to protect the
privacy and security of their own customers than the private intercept
management providers would.
Third, there are statutory restrictions on what telecommunications carriers
can do. There is, for example,
47 U.S.C. § 605,
which prohibits the unauthorized publication or use of communications. This
applies to entities that are telecommunications carriers within the meaning of
the Communications Act. However, the FCC's analysis in the substantial
replacement section of the NPRM tentatively concludes that certain information
services providers are telecommunications carriers within the meaning of the
CALEA, but not within the meaning of the Communications Act. The consequence of
such a distinction could be that these information services
providers
(and their agents, the private intercept management providers) are
regulated by the CALEA, but not by Section 605.
Fourth, there is 18
U.S.C. § 2511, which criminalizes illegal wiretaps. This section applies
equally to LEAs, telecommunications carriers, information services providers,
and private intercept management providers. However, with the increasing use of
services that provide for storage of communications and other electronic data
held by a third party, the utility of Section 2511 in constraining abuse of
electronic surveillance powers is decreasing.
For example, in the case of e-mail, Section 2511 appears to cover electronic
transmission of e-mail, but not the electronic storage of e-mail. Thus, an
e-mail service provider or private intercept management provider that improperly
accesses stored e-mail could not be sued or prosecuted under Section 2511.
This is what the U.S. Court of Appeals
(1stCir) held in USA v. Bradford Councilman. On June 29, 2004 the
Court of Appeals issued its split
opinion that there was no violation of Section 2511 when stored e-mail is
accessed, because, since it was in storage, there is no interception within the
meaning of the statute. See,
story
titled "1st Circuit Holds Wiretap Act Does Not Apply to E-Mail in Storage" in
TLJ Daily E-Mail
Alert No. 930, July 1, 2004.
Also, bills have already been introduced in the Congress that would address
the holding in Councilman. See, stories titled "Rep. Nadler Introduces Bill to
Criminalize Accessing Stored E-Mail" and "Rep. Inslee Introduces E-mail Privacy
Act" in TLJ Daily E-Mail Alert No. 950, August 2, 2004.
There is also the sections of the Criminal Code pertaining to stored
communications. However, these are more effective as a restraint on third
parties, than as a restraint on LEAs and the entities that store the data. For
example, the prohibitions of
18 U.S.C. § 2701
exempt the service provider. The provisions of
18 U.S.C. § 2702
contain exemptions for LEA related activities.
In conclusion, by promoting the development of private intercept management providers,
the FCC is shifting a core governmental law enforcement activity to a new
category of entity that is largely unconstrained by the factors that keep the LEAs in check. It is also shifting authority to entities that lack the
same incentives as the telecommunications carriers and information services
providers to protect the privacy and security of the customer.
Moreover, in the case of stored communications and stored data, the law
arguably provides insufficient checks upon the activities of not only private
intercept management providers, but also of the telecommunications carriers and
information services providers.
The consequence of all this is that, perhaps, inevitably, the legal regime
regulating electronic surveillance will have to be substantially updated. This
would require amendment of criminal provisions of Titles 18 and 50. Only
the Congress can do this.
|
|
|
Notice of Change of E-Mail
Address |
The e-mail address for Tech Law Journal has changed. The new address is
as follows:
All previous e-mail addresses no longer operate. This new address is
published as a graphic to avoid e-mail address harvesting, and the associated
spam messages and malicious code messages. If your e-mail system does not
display graphics, see notice in TLJ website.
|
|
|
About Tech Law Journal |
Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for subscribers with multiple recipients. Free one
month trial subscriptions are available. Also, free
subscriptions are available for journalists,
federal elected officials, and employees of the Congress, courts, and
executive branch. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert are not
published in the web site until one month after writing. See, subscription
information page.
Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.
Privacy
Policy
Notices
& Disclaimers
Copyright 1998 - 2004 David Carney, dba Tech Law Journal. All
rights reserved. |
|
|