[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]
LAW ENFORCEMENT ACCESS TO COMMUNICATION SYSTEMS IN THE DIGITAL AGE
=======================================================================
HEARING
before the
SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE INTERNET
of the
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTH CONGRESS
SECOND SESSION
__________
SEPTEMBER 8, 2004
__________
Serial No. 108-115
__________
Printed for the use of the Committee on Energy and Commerce
Available via the World Wide Web: http://www.access.gpo.gov/congress/
house
__________
U.S. GOVERNMENT PRINTING OFFICE
96-092 WASHINGTON : 2004
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
------------------------------
COMMITTEE ON ENERGY AND COMMERCE
JOE BARTON, Texas, Chairman
W.J. ``BILLY'' TAUZIN, Louisiana JOHN D. DINGELL, Michigan
RALPH M. HALL, Texas Ranking Member
MICHAEL BILIRAKIS, Florida HENRY A. WAXMAN, California
FRED UPTON, Michigan EDWARD J. MARKEY, Massachusetts
CLIFF STEARNS, Florida RICK BOUCHER, Virginia
PAUL E. GILLMOR, Ohio EDOLPHUS TOWNS, New York
JAMES C. GREENWOOD, Pennsylvania FRANK PALLONE, Jr., New Jersey
CHRISTOPHER COX, California SHERROD BROWN, Ohio
NATHAN DEAL, Georgia BART GORDON, Tennessee
RICHARD BURR, North Carolina PETER DEUTSCH, Florida
ED WHITFIELD, Kentucky BOBBY L. RUSH, Illinois
CHARLIE NORWOOD, Georgia ANNA G. ESHOO, California
BARBARA CUBIN, Wyoming BART STUPAK, Michigan
JOHN SHIMKUS, Illinois ELIOT L. ENGEL, New York
HEATHER WILSON, New Mexico ALBERT R. WYNN, Maryland
JOHN B. SHADEGG, Arizona GENE GREEN, Texas
CHARLES W. ``CHIP'' PICKERING, KAREN McCARTHY, Missouri
Mississippi, Vice Chairman TED STRICKLAND, Ohio
VITO FOSSELLA, New York DIANA DeGETTE, Colorado
STEVE BUYER, Indiana LOIS CAPPS, California
GEORGE RADANOVICH, California MICHAEL F. DOYLE, Pennsylvania
CHARLES F. BASS, New Hampshire CHRISTOPHER JOHN, Louisiana
JOSEPH R. PITTS, Pennsylvania TOM ALLEN, Maine
MARY BONO, California JIM DAVIS, Florida
GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois
LEE TERRY, Nebraska HILDA L. SOLIS, California
MIKE FERGUSON, New Jersey CHARLES A. GONZALEZ, Texas
MIKE ROGERS, Michigan
DARRELL E. ISSA, California
C.L. ``BUTCH'' OTTER, Idaho
JOHN SULLIVAN, Oklahoma
Bud Albright, Staff Director
James D. Barnette, General Counsel
Reid P.F. Stuntz, Minority Staff Director and Chief Counsel
______
Subcommittee on Telecommunications and the Internet
FRED UPTON, Michigan, Chairman
MICHAEL BILIRAKIS, Florida EDWARD J. MARKEY, Massachusetts
CLIFF STEARNS, Florida Ranking Member
Vice Chairman ALBERT R. WYNN, Maryland
PAUL E. GILLMOR, Ohio KAREN McCARTHY, Missouri
CHRISTOPHER COX, California MICHAEL F. DOYLE, Pennsylvania
NATHAN DEAL, Georgia JIM DAVIS, Florida
ED WHITFIELD, Kentucky CHARLES A. GONZALEZ, Texas
BARBARA CUBIN, Wyoming RICK BOUCHER, Virginia
JOHN SHIMKUS, Illinois EDOLPHUS TOWNS, New York
HEATHER WILSON, New Mexico BART GORDON, Tennessee
CHARLES W. ``CHIP'' PICKERING, PETER DEUTSCH, Florida
Mississippi BOBBY L. RUSH, Illinois
VITO FOSSELLA, New York ANNA G. ESHOO, California
STEVE BUYER, Indiana BART STUPAK, Michigan
CHARLES F. BASS, New Hampshire ELIOT L. ENGEL, New York
MARY BONO, California JOHN D. DINGELL, Michigan,
GREG WALDEN, Oregon (Ex Officio)
LEE TERRY, Nebraska
JOE BARTON, Texas,
(Ex Officio)
(ii)
C O N T E N T S
__________
Page
Testimony of:
Baker, Stewart A., Steptoe & Johnson......................... 27
Dempsey, James X., Executive Director, Center for Democracy
and Technology............................................. 37
Green, Richard R., President and Chief Executive Officer,
Cable Television Laboratories, Inc......................... 31
Knapp, Julius P., Deputy Chief, Office of Engineering and
Technology, Federal Communications Commission.............. 21
Parsky, Laura H., Deputy Assistant Attorney General, Criminal
Division, U.S. Department of Justice....................... 4
Thomas, Marcus C., Deputy Assistant Director, Federal Bureau
of Investigation........................................... 15
(iii)
LAW ENFORCEMENT ACCESS TO COMMUNICATION SYSTEMS IN THE DIGITAL AGE
----------
WEDNESDAY, SEPTEMBER 8, 2004
House of Representatives,
Committee on Energy and Commerce,
Subcommittee on Telecommunications
and the Internet,
Washington, DC.
The subcommittee met, pursuant to notice, at 10 a.m., in
room 2322, Rayburn House Office Building, Hon. Fred Upton
(chairman) presiding.
Members present: Representatives Upton, Stearns, Cox,
Shimkus, Pickering, Buyer, Walden, Terry, Barton (ex officio),
Wynn, McCarthy, Rush, and Stupak.
Staff present: Howard Waltzman, majority counsel; Will
Norwind, majority policy coordinator; William Carty,
legislative clerk; and Peter Filon, minority counsel.
Mr. Upton. Good morning. We have a lot of hearings today,
and a number of our colleagues are allegedly on the way, and I
will just make a motion for unanimous consent that all members'
statements on the subcommittee will be put into the record in
their entirety, if by some chance they do not get here by the
time our opening statements are concluded.
Today's hearing is entitled ``Law Enforcement Access to
Communication Systems in a Digital Age.'' I want to put today's
hearing into context.
In order to realize their full potential, I believe that
broadband and VoIP services should be free from unwarranted
economic regulation. However, there are other types of
regulation which promote important policy objectives. For
example, today we will be examining law enforcement access to
communication systems, which is facilitated through CALEA.
More specifically, we will examine whether and how such
access should be provided in the digital age. Unfortunately
when it comes to telecommunications technology, many terrorists
are not as primitive as their evil and demented world view.
In fact, law enforcement raises the specter of terrorists
exploiting perceived technological gaps with respect to certain
services for which telecommunications carriers are unable to
provide or are unable to provide in a usable form the content
of communications or related information as required by a court
order.
According to law enforcement, certain services will become
the preferred means of communications for terrorists precisely
because of such perceived technological gaps in the ability of
law enforcement to get access.
In our post 9/11 world, we ignore this specter at our own
peril. That is why we must insure that law enforcement has
adequate access to digital communications like broadband and
VoIP.
Having said that, we must work carefully with
telecommunications carriers and manufacturers to insure that
the technological standards for providing such access are
driven by industry which is in a better position than the
government to find workable ways to build the proverbial
mousetrap without stifling innovation in this relatively
nascent and dynamic marketplace.
While there may be an inherent and understandable tension
between law enforcement and industry, this has to be a
partnership if we are to put our best foot forward in the name
of Homeland Security.
I look forward to hearing from today's witnesses, and I
want to thank them in advance for their testimony which we
received last night.
And I will recognize for an opening statement my colleague
from Oregon, Mr. Walden.
Mr. Walden. Thank you, Mr. Chairman, for holding this
hearing. I am going to waive an opening statement in lieu of
time for questions.
Mr. Upton. Mr. Buyer.
Mr. Buyer. Reserve my time.
Mr. Upton. Mr. Shimkus.
Mr. Shimkus. The same.
Mr. Upton. Okay. Well, that is terrific.
[Additional statements submitted for the record follow:]
Prepared Statement of Hon. Paul E. Gillmor, a Representative in
Congress from the State of Ohio
Thank you Mr. Chairman, for yet another opportunity to lay the
groundwork for addressing the insurgence of new technologies under
current telecommunications rules.
Today, where we will learn more about the critical needs of law
enforcement agencies to easily access information from emerging
technologies such as Voice over Internet Protocol (VoIP) and broadband
services for crime-fighting purposes, we must also keep in mind the
importance of further developing these new modes communication in order
to continue to create more competition and meet customers' demands.
I welcome the well-balanced panel of witnesses and again, look
forward to hearing about how our panel can contribute to striking this
delicate balance, one of protecting our homeland and spurring
technological innovation.
Again, I thank the Chairman and yield back the remainder of my
time.
______
Prepared Statement of Statement of Hon. Barbara Cubin, a Representative
in Congress from the State of Wyoming
Thank you, Mr. Chairman.
Just a few years ago Voice over Internet Protocol (VoIP) seemed to
be a technology for a future telecommunications generation. But it's
here now, and is making us all wrestle with where VoIP fits in the
framework of our communications infrastructure. On one hand, it
provides the promise of true competition that promises to benefit
consumers across America. On the other, it calls into question a host
of legacy regulations that make up the telecom landscape today.
Part of the VoIP debate is where social obligation regulations fit
into the picture. One that is of particular concern, and is important
to the safety of our homeland, is the Communications Assistance for Law
Enforcement Act (CALEA). This act gives our law enforcement
organizations tools they need to catch the bad guys. It used to be that
these bad guys were just your garden variety criminals. Now they are
terrorists who work to plot their next attack on America with whispered
voices in shadowy places around the world--and here at home.
That's why it is important to me that we not allow a means of
communication that would skirt the law, and invite terrorists to
communicate with impunity. I am interested to hear from our witnesses
on this matter and to determine the proper role for this Committee and
this Congress regarding VoIP and CALEA.
Thank you again, Mr. Chairman for opening this dialog and look
forward to hearing from our witnesses. I yield back the balance of my
time.
______
Prepared Statement of Hon. Joe Barton, Chairman, Committee on Energy
and Commerce
Mr. Chairman, thank you for calling this hearing today. As this
committee examines the rules that should apply to broadband services
and networks, it is critical that we understand the implications of any
changes in the rules for law enforcement access to communications
systems.
There are three primary goals we need to keep in mind in
approaching this issue. First, we must not permit broadband or VoIP
services to become the communications-medium-of-choice for terrorists
because of the absence of electronic surveillance capabilities for law
enforcement. Second, however, we must not stifle new technologies by
burdening them with unachievable rules. And, third, we must protect
consumer privacy. While lawfully executed court orders must enable law
enforcement to have access to certain call content and call-identifying
information, this must not lead to a wanton invasion of consumer
privacy.
I believe that these three goals are achievable and do not have to
be mutually exclusive. And I believe that the FCC has started down a
path that will enable us to achieve these goals.
Lawfully conducted electronic surveillance is a critical component
of effective law enforcement. New, broadband technologies have
tremendous promise for our society. We need to make sure that these
technologies are used for the benefit of society and are not used by
terrorists to evade detection.
Mr. Chairman, thank you for holding this hearing. I look forward to
the testimony of our witnesses.
______
Prepared Statement of Hon. John D. Dingell, a Representative in
Congress from the State of Michigan
Mr. Chairman, thank you for holding this hearing today on the
Communications Assistance for Law Enforcement Act, known as CALEA.
CALEA is a critical tool for law enforcement agencies in maintaining
the access communications of terrorists, drug traffickers, organized
crime syndicates, and other criminals. CALEA is vital to our nation's
security.
Although CALEA was written ten years ago in a mostly analog world,
Congress understood that new digital communications technologies were
on the horizon. Accordingly, CALEA was written with sufficient
flexibility to preserve the government's ability to access many
communications among users of advanced digital networks.
Both the world and technology have changed significantly since
1994. The spread of terrorism has in many respects made the world a
much more dangerous place. Moreover, new technologies have spread--new
digital broadband networks have come on line and new digital
applications, such as Voice over Internet Protocol telephone service,
are riding over these networks.
While providing tremendous opportunities for consumers, these
technologies may unintentionally provide terrorists, drug traffickers,
and other criminals new ways to evade detection by law enforcement. Not
only are criminals adept at exploiting new technologies for illegal
purposes, but the uncertainty surrounding CALEA's application to new
technologies is only exacerbating the situation. In fact, it has gotten
to the point where Deputy Assistant Attorney General John G. Malcolm
was quoted earlier this year in a New York Times article as saying that
he was ``aware of instances in which law enforcement authorities have
not been able to execute intercept orders because of this
uncertainty.'' It is imperative that the Bush Administration and the
Federal Communications Commission (FCC) fully implement CALEA.
Under CALEA, law enforcement agencies have the authority to gain
access to communications information being transmitted by
telecommunications carriers, the definition of which is much broader
than the definition of such carriers in the Communications Act.
Moreover, CALEA provides the Commission authority to bring within the
scope of CALEA new services that act as a replacement for a substantial
portion of local exchange service. The CALEA statute is clear.
Last month the FCC finally issued a notice of proposed rulemaking
that made several tentative conclusions, including that both
facilities-based providers of broadband service and ``managed'' VoIP
services are subject to CALEA. I would note, however, that it has been
ten years since CALEA became law and three years since terrorists
attacked the World Trade Center and Pentagon. Lives are at stake. Why
has it taken the Commission so long to act on such an important issue?
Similarly, since September 11th, neither the Commission nor the
Bush Administration has developed a comprehensive nationwide plan to
ensure the reliability, redundancy and interoperability for
communications systems, especially those of public safety.
Despite the delay in issuing its proposed rule, I am pleased that
the Commission has been mindful of Congress' three underlying goals in
CALEA: First, that government maintains the ability to intercept
communications involving new technologies; second, that the privacy of
individuals is protected; and third, that unnecessary burdens on the
development of new technologies and services are avoided. In this
dangerous new world, it is important that undue delays also be avoided
in the implementation of CALEA so that the government maintains the
ability to protect its people from those who seek to do them harm.
Mr. Upton. We are joined by a very distinguished panel. We
are actually going to be starting with Ms. Laura Parsky, Deputy
Assistant Attorney General for Criminal Division, U.S.
Department of Justice; followed by Mr. Marcus Thomas, Deputy
Assistant Director of the Federal Bureau of Investigation; Mr.
Julius Knapp, Deputy Chief of the Office of Engineering and
Technology, FCC; Mr. Stewart Baker, Steptoe & Johnson; Dr.
Richard Green, President and Chief Executive Officer of Cable
Television Labs; and Mr. James Dempsey, Executive Director of
the Center for Democracy and Technology.
Ladies and gentlemen, your testimony will be made part of
the record in its entirety. We would like you to summarize it
if you can in the time of about 5 minutes on the clock.
We will start with you, Ms. Parsky. Thank you for being
with us today.
STATEMENTS OF LAURA H. PARSKY, DEPUTY ASSISTANT ATTORNEY
GENERAL, CRIMINAL DIVISION, U.S. DEPARTMENT OF JUSTICE; MARCUS
C. THOMAS, DEPUTY ASSISTANT DIRECTOR, FEDERAL BUREAU OF
INVESTIGATION; JULIUS P. KNAPP, DEPUTY CHIEF, OFFICE OF
ENGINEERING AND TECHNOLOGY, FEDERAL COMMUNICATIONS COMMISSION;
STEWART A. BAKER, STEPTOE & JOHNSON; RICHARD R. GREEN,
PRESIDENT AND CHIEF EXECUTIVE OFFICER, CABLE TELEVISION
LABORATORIES, INC.; AND JAMES X. DEMPSEY, EXECUTIVE DIRECTOR,
CENTER FOR DEMOCRACY AND TECHNOLOGY
Ms. Parsky. Good morning Chairman Upton and members of the
subcommittee. I appreciate the opportunity to speak with you
today as you are considering the appropriate regulatory
framework for new communications technologies. These advanced
technologies, including high-speed broadband Internet access
and telephone service that uses Voice over Internet Protocol,
or VoIP, promise to contribute to increased American
productivity and to offer consumers the convenience of
reasonably priced, high-quality service.
One report indicates that a majority of U.S. households now
use some means of high-speed Internet access. In addition,
Internet telephony is attracting more and more customers every
day.
The administration fully supports the rapid and widespread
deployment of such new services. We also welcome and applaud
your efforts and the efforts of others in Congress as you
carefully debate the proper regulatory environment for them. To
automatically apply old-fashioned and likely outdated
principles to a new way of doing business is sure to hamper the
development of these promising and potent technologies.
However, in devising new principles for governing these new
technologies, we must preserve those safeguards that are
critical to our national security and public safety.
The core issue here is responsibility: responsible
government and responsible citizenship. By reevaluating
traditional regulation of communications systems, the
government is acting responsibly. Likewise, those who develop
and provide such communications services must also assume
responsibility.
The Communications Assistance for Law Enforcement Act,
CALEA, was drafted 10 years ago when Congress could not have
anticipated the details of today's communications revolution.
However, Congress did have the foresight to predict that such a
communications revolution would take place.
CALEA requires that, as new technologies are developed,
providers act responsibly by engineering their systems in a way
that allows law enforcement to execute court-ordered electronic
surveillance. As communications technology has progressed, some
carriers have never questioned their legal obligations under
CALEA or their corporate obligations to act responsibly where
public safety and national security are at risk. For each and
every carrier in this category, we recognize and applaud their
leadership and responsibility.
Unfortunately, however, there are also some carriers who
have deployed their technologies without regard to law
enforcement's ability to execute court-ordered electronic
surveillance and without regard to their corporate
responsibility where public safety and national security are at
risk.
Because of the existence of carriers in this latter
category, we have been forced to petition the Federal
Communications Commission to affirm the legal obligations of
carriers to comply with CALEA, and for the Federal
Communications Commission to meet noncompliance with robust
enforcement actions.
CALEA's obligations are even more important today than they
were when the statute was enacted 10 years ago. While many
carriers act responsibly and in the public interest without the
need for compulsory process, there will always be some
businesses that will choose to operate without regard to such
concerns. Because savvy criminals and terrorists seek out those
businesses, we must take steps to eliminate the vulnerability
in our national security and public safety created by those
businesses.
CALEA and the robust enforcement of CALEA will help
accomplish this critical goal. It is important to recognize
that CALEA itself does not authorize any electronic
surveillance. When enacting CALEA, Congress recognized that law
enforcement has had the authority to conduct wire taps pursuant
to a court order since 1968.
Well prior to CALEA, the authority extended to intercepts
of voice, data, fax, E-mail and any other form of electronic
communications, and Congress expressly stated that CALEA would
not expand that authority.
What CALEA does is to help ensure that as new
communications technologies are developed, carriers using those
technologies are capable of isolating and providing to the
government, in real time, communications and related
information as required by court orders. Electronic
surveillance itself is a law enforcement tool of last resort
and, to use it, Federal and State governments must meet
numerous constitutional, statutory, and regulatory
requirements.
Electronic surveillance is, however, usually critical to
those investigations where it is used successfully. Such
wiretaps are used to identify participants in organized crime
and obtain evidence about their specific criminal activities,
to identify participants in major drug offenses and seize
significant quantities of contraband drugs and currency, to
solve or prevent murder and other violent crimes attendant to
organized crime and drug trafficking, to solve or prevent
crimes involving the sexual exploitation of children, and,
increasingly, to solve or prevent terrorist offenses.
In a recent child sexual exploitation investigation in
Oklahoma, for example, investigators obtained judicial
authorization to intercept all wire communications of a pimp
who traveled interstate in order to sell children for sexual
activity. The pimp was recorded talking about grooming children
to become prostitutes, physically beating his victims into
compliance, and marketing the children as prostitutes in
numerous States.
Further, the electronic surveillance helped identify a
national child prostitution network and generated
investigations in other States. To date, the U.S. Attorney's
Office in Oklahoma City has federally charged nine defendants
for sexually exploiting children and more indictments are
pending. Significant State charges have also been filed against
ten perpetrators of these horrible crimes. Already three
children, one from Las Vegas, one from New Mexico, and one from
Oklahoma, have been rescued by law enforcement thanks to the
electronic surveillance.
Moreover, probably thousands of physical and sexual
assaults upon children have been prevented as a result of these
prosecutions that were dependent on electronic surveillance.
Electronic surveillance is also critical to the
Department's highest priority, fighting the war on terrorism.
The cell structure and worldwide scope of modern terrorist
groups makes surveillance essential to uncovering these lethal
networks before they strike us in ever more devastating ways.
In one recent terrorism investigation, three defendants
were charged with providing material support to terrorists as
well as solicitation of terrorist crimes of violence, including
kidnapping and murder. Literally all of the evidence against
these three defendants consists of audio recordings and fax
transmissions obtained through wiretaps and listening devices.
As critical as electronic surveillance is to the
investigation of many serious crimes, it is becoming
technologically more difficult to carry out wiretap orders and,
for some State and local authorities, sometimes impossible to
do so. There have been occasions where, because of
technological gaps with respect to certain services,
telecommunications carriers were unable to provide, or were
unable to provide in usable form, the content of communications
or related information as required by court orders.
Moreover, criminals and terrorists certainly do not want to
be caught. They know that electronic surveillance is an
extremely effective law enforcement tool, and they are known to
use particular technologies that they suspect law enforcement
will have difficulty intercepting.
CALEA's provisions thus are critical to ensuring public
safety and national security. CALEA applies to all
telecommunications carriers, a term that is specifically
defined in the CALEA statute and that is distinct from, and
more expansive than, the term ``telecommunications carrier''
used in the Communications Act of 1934.
[Pause in proceedings.]
Mr. Upton. Is your sound back now?
The Reporter. Yes, it is.
Mr. Upton. Okay. Go ahead.
Ms. Parsky. CALEA requires telecommunications carriers to
be able to execute court-ordered wiretaps by isolating and
providing to the government, in real time, the pertinent
communications.
Carriers also must have the ability to isolate and provide
reasonably available call-identifying information, such as
numbers dialed, that is the subject of a pen register or other
court order.
CALEA does not allow the government to dictate the design
of telecommunications systems, but it does require
manufacturers and providers to consult and plan, so that new
services that they deploy are CALEA compliant. This approach is
appropriate, because any amount of time that a terrorist or
other dangerous criminal can use a communications service
without a capability for court-ordered interception is too
long.
Furthermore, it is important to make clear that CALEA
itself actually provides critical protection of privacy rights.
The argument that full implementation of CALEA will threaten
individual privacy rights is simply misguided. CALEA strikes a
delicate balance among three sometimes competing goals:
One, to preserve a narrowly focused capability for law
enforcement agencies to carry out properly authorized
intercepts; two, to protect privacy in the face of increasingly
powerful and personally revealing technologies; and three, to
avoid impeding the development of new communications services
and technologies.
As the House of Representatives explained in the report,
``the bill further protects privacy by requiring the systems of
telecommunications carriers to protect communications not
authorized to be intercepted.''
CALEA addresses privacy concerns in two ways. First, it
requires that providers be able to separate out the
communications involving the equipment, facilities, or services
of the particular subscriber whose communications law
enforcement has an order to intercept. This provision promotes
both efficiency and privacy.
Second, CALEA requires that a service provider be able to
separate out call-identifying information from the content of
communications. This protects the call content from law
enforcement access where law enforcement only has legal grounds
to obtain the call-identifying information. A carrier's
compliance with CALEA when implementing a court-ordered wiretap
or a pen register order thus protects individuals' privacy
rights.
As I have mentioned, the Department of Justice has
petitioned the FCC to issue a rulemaking with respect to the
application of CALEA to advanced communications technologies,
such as broadband Internet access and certain forms of
broadband telephony.
It is important to make clear that through this petition to
the FCC, the Department is not asking for expansion of CALEA;
that is something only Congress is empowered to do.
Rather, we have asked the Commission, pursuant to its
mandate, to interpret and implement CALEA in light of emerging
telecommunications technologies and an apparent confusion among
some service providers and sectors of the telecommunications
industry concerning their CALEA obligations.
Mr. Upton. Ms. Parsky, the clock is not working at the
desk, but you have exceeded your time by a considerable amount.
I just wonder if you could just summarize, and I will be a
little more careful with the clock.
Ms. Parsky. Certainly. My apologies.
Mr. Upton. All right.
Ms. Parsky. Last month the FCC unanimously issued a Notice
of Proposed Rulemaking and Declaratory Ruling concerning the
issues raised in our petition. Although this is a lengthy
document and very complex, we are in the process of fully
evaluating it and we will be submitting our formal comments to
the FCC soon.
And finally, I would just like to thank you for this
opportunity to speak about an issue that is very important to
the Department of Justice and important to our efforts to
protect national security and public safety.
[The prepared statement of Laura H. Parsky follows:]
Prepared Statement of Laura H. Parsky, Deputy Assistant Attorney
General, Criminal Division, U.S. Department of Justice
I. INTRODUCTION
Good morning, Chairman Upton, Ranking member Markey, and Members of
the Subcommittee. The Department of Justice appreciates the opportunity
to address you today on this important subject. As we all are aware,
the ``Digital Age'' in which we now live is offering and will continue
to offer tremendous opportunities in telecommunications for both
consumers and businesses. The use of high-speed Internet access
services is growing rapidly in the United States. In fact, at least one
recent report indicates that, for the first time, more U.S. households
now connect to the Internet through cable, DSL, and other means of
broadband access than through traditional dial-up service. Also, more
and more traditional telephone companies, cable companies, and others
are offering some means of broadband telephony using Voice over
Internet Protocol (VoIP), attracting more and more consumers every day.
It is widely believed that such services will essentially replace
traditional telephone service in the United States in the not-so-
distant future.
The Administration fully supports the rapid and widespread
deployment of these communications technologies, understanding that
they promise to contribute to increased American productivity and to
offer the convenience of reasonably-priced, high-quality service with a
variety of useful new features for consumers. Moreover, we welcome and
applaud your efforts and the efforts of others in Congress as you
carefully debate the proper regulatory environment for new
communications technologies. We recognize that we are rapidly expanding
into a new and promising world of communications. To automatically
apply old-fashioned and likely outdated principles to a new way of
doing business is sure to hamper the development of these promising and
potent technologies. However, in devising new principles for governing
new technologies, we must preserve those safeguards that are critical
to our national security and public safety.
The core issue here is responsibility--responsible government and
responsible citizenship. By re-evaluating traditional regulation of
communications systems, the government is acting responsibly. Likewise,
those who develop and provide such communications services must also
assume responsibility. The Communications Assistance for Law
Enforcement Act (CALEA), 47 U.S.C. 1001, et. seq., was drafted ten
years ago when Congress could not have anticipated the details of
today's communications revolution. However, Congress did have the
foresight to predict that such a communications revolution would take
place. CALEA requires that, as new technologies are developed,
providers act responsibly by engineering their systems in a way that
allows law enforcement to execute court-ordered electronic
surveillance.
As communications technology has progressed, some carriers have
never questioned their legal obligations under CALEA or their corporate
obligations to act responsibly where public safety and national
security are at risk. For each and every carrier in this category, we
recognize and applaud their leadership and responsibility.
Unfortunately, however, there are also some carriers who have deployed
their technologies without regard to law enforcement's ability to
execute court-ordered electronic surveillance and without regard to
their corporate responsibility where public safety and national
security are at risk. Because of the existence of carriers in this
latter category, we have been forced to petition the Federal
Communications Commission (FCC) to affirm the legal obligations of
carriers to comply with CALEA and to meet non-compliance with robust
enforcement actions.
CALEA's obligations are even more important today than they were
when the statute was enacted ten years ago. While many carriers act
responsibly and in the public interest without the need for compulsory
process, there will always be some businesses that will choose to
operate without regard to such concerns. Because savvy criminals and
terrorists seek out those businesses, we must take steps to eliminate
the vulnerability in our national security and public safety created by
those businesses. CALEA and the robust enforcement of CALEA will help
accomplish this critical goal.
II. CALEA IS CRITICAL TO ENSURING THAT FEDERAL, STATE, AND LOCAL
AUTHORITIES CAN CARRY OUT THE COURT-ORDERED ELECTRONIC SURVEILLANCE
THAT IS ESSENTIAL TO THWARTING THE ACTIVITIES OF TERRORISTS AND OTHER
SIGNIFICANT CRIMINALS.
CALEA applies to all telecommunications carriers, a term that is
specifically defined in the CALEA statute and that is distinct from and
more expansive than the term ``telecommunications carrier'' used in the
Communications Act of 1934, 47 U.S.C. 151 et seq. CALEA requires
telecommunications carriers to be able to execute court-ordered
wiretaps by isolating and providing to the government, in real-time,
the pertinent communications. Carriers also must have the ability to
isolate and provide reasonably available call-identifying information,
such as numbers dialed, that is the subject of a pen register or other
court order. New systems and services thus should be developed and
deployed, not in a vacuum, but with recognition of law enforcement's
legitimate electronic surveillance needs.
CALEA itself does not authorize wiretaps or pen registers. That
authority and the requirements for obtaining the relevant court orders
are set forth in other statutes. What CALEA does is to help ensure
that, as new telecommunications technologies are developed, carriers
using those technologies are capable of isolating and providing to the
government communications and related information as required by court
orders.
When enacting CALEA in 1994, Congress ``concluded that there is
sufficient evidence justifying legislative action that new and emerging
telecommunications technologies pose problems for law enforcement.''
H.R. Rep. No. 103-827, at. 14. At that time, Congress was especially
cognizant of intercept problems associated with the burgeoning wireless
industry and the development of custom calling features. Congress,
however, anticipated that future technologies would pose similar
problems and thus stated that the purpose of the statute ``is to
preserve the government's ability, pursuant to court order or other
lawful authorization, to intercept communications involving advanced
technologies . . . or features and services . . . while protecting the
privacy of communications and without impeding the introduction of new
technologies, features and services.'' Id. at 13.
III. ELECTRONIC SURVEILLANCE IS A CRITICAL LAW ENFORCEMENT TOOL.
It is, of course, no secret that today's criminals use ordinary
telephones, cellular telephones, pagers, and the Internet, among other
communications devices, in order to coordinate their illicit
activities. In investigating terrorism, espionage, and other serious
crimes, electronic surveillance is not only one of the most effective
tools government has, but often it is the only effective tool. Often
criminal organizers and kingpins keep their distance from the criminal
conduct they direct through the use of modern communication tools.
There can be no doubt that electronic surveillance takes dangerous
criminals off the streets by providing evidence that law enforcement
could not have obtained any other way. In fact, one of the requirements
for obtaining a federal wiretap order is demonstrating that normal
investigative techniques have been or are likely to be inadequate or
are too dangerous. Last year alone, 3,674 people were arrested based on
evidence obtained through federal and state law enforcement wiretaps.
Over the past ten years, over 54,000 people have been arrested based on
wiretap evidence. That is as many as 54,000 criminals that might have
escaped justice had it not been technologically possible to carry out
court-ordered electronic surveillance.
For instance, in a 2002 investigation into members of the Lucchese
crime family in New York, wiretaps on cellular telephones and pagers
were instrumental in identifying and obtaining convictions of
approximately 35 defendants, including three members of the Bonanno
crime family. The types of crimes discussed over the wiretapped phones
included witness tampering, cocaine distribution, extortion and
violence in aid of racketeering, loansharking, and illegal gambling.
In a recent investigation of a marijuana distribution network
operating in New York, an intercepted call over a wiretapped phone
alerted police to a robbery and double homicide which had just occurred
in the Bronx. That valuable evidence allowed authorities to arrest
three individuals within hours of the homicides. Investigators later
established that several individuals had attempted to rob the targeted
marijuana sellers. During the attempted robbery, two individuals were
killed by gunshot wounds and a third was shot in the chest and
survived. The wiretap evidence helped police piece together the events
that had occurred and also helped establish narcotics trafficking
charges against additional defendants.
Electronic surveillance is also critical to identifying and
ultimately dismantling organized criminal networks, including major
national and international drug cartels. Last year, a wiretap in
Georgia led to seizures of tons of illegal drugs and millions of
dollars. Another wiretap investigation led to over one hundred arrests
in the United States and abroad and numerous U.S. prosecutions, as law
enforcement dismantled an international drug distribution ring
responsible for bringing large quantities of heroin and cocaine into
the United States from Colombia. Electronic surveillance has allowed us
to take cocaine, heroin, methamphetamine, and many other dangerous
drugs off our streets and away from our children.
While electronic surveillance remains vital to investigating
scourges such as organized crime and drug trafficking, against which we
continue to fight, it is even more important to the Department's
highest priority--fighting the war on terrorism. The cell structure and
worldwide scope of modern terrorist groups make electronic surveillance
essential to uncovering these lethal networks before they strike us in
ever more devastating ways. In one recent terrorism investigation,
three defendants were charged with providing material support to
terrorists as well as solicitation of terrorist crimes of violence,
including kidnapping and murder. Virtually all of the evidence against
these three defendants consists of audio recordings and fax
transmissions obtained through wiretaps and listening devices.
Electronic surveillance consistently helps authorities prevent
crimes and save lives. In a recent child sexual exploitation
investigation in Oklahoma, investigators obtained judicial
authorization to intercept all wire communications of a pimp who
traveled interstate in order to sell children for sexual activity. The
pimp was recorded talking about grooming children to become
prostitutes, physically beating his victims into compliance, and
marketing the children as prostitutes in numerous states. Further, the
electronic surveillance helped identify a national child prostitution
network and generated investigations in other states. To date, the
United States Attorney's Office in Oklahoma City has federally charged
nine defendants for sexually exploiting children, and more indictments
are pending. Significant state charges have also been filed against ten
perpetrators of these horrible crimes. Already, three children (one
from Las Vegas, one from New Mexico, and one from Oklahoma) have been
rescued by law enforcement thanks to the electronic surveillance.
Moreover, probably thousands of physical and sexual assaults upon
children have been prevented as a result of these prosecutions that
were dependent upon electronic surveillance.
In a narcotics-related wiretap investigation in the New Orleans
area, the target of the investigation discussed arrangements for a
heroin transaction with traffickers from New York. In subsequent
intercepted conversations, the target told his narcotics associate that
he intended to kill the New York suppliers after they delivered the
heroin. Based upon this information, law enforcement quickly arrested
the New York suppliers and thwarted their intended murder. The New
Orleans target was then arrested, pleaded guilty, and was ultimately
sentenced to life in prison.
In another case, wiretaps used to investigate a violent Russian
brigade helped to develop evidence of the organization's involvement in
armed robberies, extortion, and arson, among other crimes. Calls
intercepted during the investigation uncovered plans for a violent
kidnapping-for-ransom scheme. The wiretap evidence allowed law
enforcement to quickly make the arrests necessary to prevent the
kidnapping.
IV. IN THE ABSENCE OF COMPLIANCE WITH CALEA, TECHNOLOGICAL CONSTRAINTS
CAN PREVENT OR HINDER WIRETAPS, ALLOWING CRIMINALS TO EXPLOIT PERCEIVED
TECHNOLOGICAL GAPS TO AVOID INTERCEPTION.
As critical as electronic surveillance is to the investigation of
many serious crimes, it is becoming technologically more difficult to
carry out wiretap orders and, for some state and local authorities,
sometimes impossible to do so. There have been occasions where, because
of technological gaps with respect to certain services,
telecommunications carriers were unable to provide, or were unable to
provide in usable form, the content of communications or related
information as required by court orders.
Simply put, the equipment needed to carry out an intercept order or
pen register has become more sophisticated as telecommunications
technology has advanced. Today's digitized communications are provided
by many different companies who use many different protocols and
transmit communications over many different wires and cables and over a
myriad of frequencies through the air-- even during a single call.
CALEA therefore requires that telecommunications carriers and their
equipment vendors work together in designing new technology so that
court-ordered interception is technologically possible.
CALEA's provisions are critical to ensuring public safety and
national security. Criminals know that electronic surveillance is an
extremely effective law enforcement tool, and they have always gone to
great lengths to avoid it. Their tactics have included the use of
numerous communication devices in order to isolate the damage done if a
particular device is compromised and, most relevant to CALEA, the quick
migration to particular technologies that they suspect law enforcement
will have difficulty intercepting. Criminals and terrorists certainly
do not want to be caught, and they are quick to take advantage of any
perceived gap in our ability to detect and disrupt their criminal
activities.
V. THE FCC IS CAREFULLY CONSIDERING THE APPLICATION OF CALEA TO
ADVANCED TELECOMMUNICATIONS TECHNOLOGIES.
In the face of the real and growing threat to public safety and
national security posed by the misuse of VoIP and other new
telecommunications technologies, the Department of Justice has
petitioned the FCC to issue a rulemaking with respect to the
application of CALEA to advanced communications technologies such as
broadband Internet access and certain forms of broadband telephony.
This subcommittee hearing comes in the midst of the FCC's consideration
of the Department's petition and the resulting, vibrant discourse
involving the Department, other law enforcement entities, industry, and
special interest groups.
In our petition for expedited rulemaking, filed last March, we
requested that the Commission rule that CALEA applies to broadband
internet access services and certain forms of broadband telephony
services; reaffirm that the push-to-talk services now offered by many
cellular telephone companies are subject to CALEA; identify the packet-
mode services covered by a CALEA implementation Order issued in 1999
and establish compliance deadlines with respect to that Order; adopt
rules for expeditiously determining whether a new technology is subject
to CALEA and for establishing compliance deadlines and administrative
enforcement procedures for non-compliance; and resolve cost recovery
issues.
It is important to make clear that through this petition to the
FCC, the Department is not asking for expansion of CALEA; that is
something only Congress is empowered to do. Rather, we have asked the
Commission, pursuant to its mandate, to interpret and implement CALEA
in light of emerging telecommunications technologies and an apparent
confusion among some service providers and sectors of the
telecommunications industry concerning their CALEA obligations.
In crafting CALEA, Congress wisely did not limit its scope to one
particular technology, service, or suite of features, but rather set in
place a structure that anticipated and provided for a vast array of
technological advances. As the then Director of the FBI testified in
support of the legislation, CALEA was
intended to stand the test of time . . . . It is specifically
designed to deal intelligently and comprehensively with current
and emerging telecommunications technologies and to preclude
the need for much more restrictive and more costly legislation
in five or ten years when court-authorized interceptions would
no longer be possible due to further technology advances.
Hearing on Police Access to Advanced Communications Systems Before the
Senate Subcommittee on Technology and the Law of the Committee on the
Judiciary and the House Subcommittee on Civil and Constitutional Rights
of the Committee on the Judiciary (statement of Louis J. Freeh,
Director of the Federal Bureau of Investigation). Thus, Congress has
already recognized the importance of ensuring that, as advanced
communications technologies develop, industry develops the technical
means to implement court orders.
In response to the Department's petition, dozens of state and local
law enforcement entities and associations filed comments with the FCC
emphasizing the critical need to preserve CALEA. State and local
entities conduct annually almost three-fifths of all wiretaps in the
United States. As articulately expressed by the National Association of
District Attorneys:
For over a decade we have been pleading for the tools and the
laws we need to protect the people in our communities. We will
never know whether we could have prevented the tragic
consequences of September 11th had we had the investigative
tools we have been asking for since 1992. We only know that we
will need every advantage to prevent such a tragedy from ever
occurring again.
Comments of the National Association of District Attorneys, In the
Matter of Joint Petition for Rulemaking to Resolve Various Outstanding
Issues Concerning the Implementation of the Communications Assistance
for Law Enforcement Act, FCC 04-187, at 2.
Moreover, many of the responsible members of the communications
industry have agreed with law enforcement, through comments filed in
other related proceedings, that carriers play an important role in
protecting public safety and national security. One industry
association put it simply: ``American citizens should be assured that
communications companies are providing appropriate help to law
enforcement.'' Comments of the United States Telecommunications
Association, In the Matter of IP-Enabled Services: Notice of Proposed
Rulemaking, FCC 04-28, at 36-37.
VI. IN ITS RECENT NPRM, THE FCC HAS RECOGNIZED THE IMPORTANCE OF CALEA
IN THE CONTEXT OF EMERGING ADVANCED TECHNOLOGIES.
Last month, after receiving extensive comments on the Department's
petition, the FCC unanimously issued a Notice of Proposed Rulemaking
and Declaratory Ruling concerning a wide variety of CALEA issues
(``CALEA NPRM''). The CALEA NPRM states unequivocally that ``it is the
Commission's primary policy goal to ensure that [law enforcement
agencies] have all of the resources that CALEA authorizes to combat
crime and support Homeland Security,'' and it recognizes the need to
balance that interest with the competing privacy and technology
development interests. CALEA NPRM at � 4. While the Department is still
analyzing this lengthy issuance and will soon provide formal comments
to the FCC, a few things are important to highlight. The CALEA NPRM
tentatively concludes that CALEA applies to such services as
facilities-based broadband Internet services and managed VoIP telephone
services, seeking comment on the FCC's legal reasoning to support such
conclusions. In addition, the Commission issued a declaratory ruling
that wireless push-to-talk services are subject to CALEA. Although the
Commission did not agree with the Department on every point raised in
our petition, we are pleased with the seriousness with which the
Commission is approaching these critical issues.
Further, in the CALEA NPRM, the FCC recognized that law enforcement
does not seek the power to dictate how the Internet should be
engineered or the power to veto the deployment of new
telecommunications services. Law enforcement cannot--nor do we seek
to--dictate to any carrier how best to design its service or what
services it can or cannot offer. We only ask that any service comply
with the law in order not to imperil public safety and national
security. In light of the fact that CALEA solutions can be just as
innovative as the services themselves, the FCC appropriately committed
itself to ``finding solutions that will allow carriers and
manufacturers to find innovative ways to meet the needs of the law
enforcement community without adversely affecting the dynamic
telecommunications industry.'' CALEA NPRM at � 31.
It is worth noting that nothing in the CALEA NPRM precludes the FCC
from making an independent assessment of whether a carrier is subject
to other economic regulation under the Communications Act of 1934, as
amended. In confining its analysis to CALEA, the Commission explicitly
stressed that the CALEA NPRM ``in no way predispose[s] how the
Commission may proceed with respect to adopting a regulatory framework
for Internet Protocol (``IP'')-enabled or broadband services or
determining their legal classification under the Communications Act.''
CALEA NPRM at � 1, n. 1.
VII. SEVERAL MISCONCEPTIONS ABOUT CALEA AND THE DEPARTMENT'S EFFORTS TO
SECURE ITS IMPLEMENTATION WARRANT CLARIFICATION.
I'd like to take a few moments to address several misconceptions
about CALEA and about the Department's implementation efforts.
A. The Department's Petition Does Not Seek to Erode the Strict
Constitutional, Statutory and Regulatory Limitations Imposed on
Electronic Surveillance.
While electronic surveillance is a necessary tool, we are mindful
that it is also a very powerful tool--one that has serious implications
for the privacy of citizens. Accordingly, law enforcement only uses
electronic surveillance as a method of last resort, and even then we
adhere to strict limitations on its use.
As I briefly mentioned before, CALEA itself does not authorize
electronic surveillance. In presenting our views to the FCC concerning
the interpretation of CALEA, the Department is not seeking expanded
authority to conduct wiretaps. As Congress said when enacting CALEA,
``[s]ince 1968, the law of this nation has authorized law enforcement
agencies to conduct wiretaps pursuant to court order. That authority
extends to voice, data, fax, e-mail and any other form of electronic
communication. The bill will not expand that authority.'' H.R. Rep. No.
103-827, at 17.
The limitations on law enforcement's use of wiretaps are imposed by
the Constitution, statutes, and internal Department procedures. First,
the U.S. Constitution obviously places important parameters on our use
of electronic surveillance. Under the Fourth Amendment, the government
must demonstrate probable cause to a neutral magistrate before
obtaining a warrant for a search, arrest, or other significant
intrusion on privacy.
Congress and the courts have also provided statutory limits beyond
those required by the Constitution. For instance, law enforcement must
obtain a ``trap and trace'' or ``pen register'' court order to obtain
information identifying who is receiving or sending communications to
or from a particular suspect, even though not required under the
Constitution. See 18 U.S.C. 3121 et. seq.
The statutory authorization for law enforcement wiretaps, 18 U.S.C.
��2510-22 (commonly known as ``Title III''), as amended by the
Electronic Communications Privacy Act (ECPA) in 1986, creates an even
higher burden for obtaining the real-time interception of the content
of communications. The Senate Report on Title III stated explicitly
that the legislation ``has as its dual purpose (1) protecting the
privacy of wire and oral communications and (2) delineating on a
uniform basis the circumstances and conditions under which the
interception of wire and oral communications may be authorized.''
Senate Committee on the Judiciary, Omnibus Crime Control and Safe
Streets Act of 1967, S. Rep. No. 1097, 90th Cong., 2d Sess. (1968) at
66. When Title III was updated in 1986 to include provisions regarding
electronic communications, the Senate Report stated that ECPA
represented ``a fair balance between the privacy expectations of
American citizens and the legitimate needs of law enforcement
agencies.'' Senate Committee on the Judiciary, Electronic
Communications Privacy Act of 1986, S. Rep. No. 541, 99th Cong., 2d
Sess. (1986) at 5. Accordingly, under Title III, in order to obtain a
court order to capture the contents of communications as they occur,
the government must show that normal investigative techniques for
obtaining information about a serious felony offense have been or are
likely to be inadequate or are too dangerous, and that any interception
will be conducted so as to ensure that the intrusion is minimized.
Even beyond the limits placed by the Constitution and the Congress,
the Department of Justice has its own internal procedures to provide
still more safeguards. For example, the Office of Enforcement
Operations (OEO) in the Criminal Division of the Department reviews
proposed Title III applications to ensure that the request for
interception satisfies the protections of the Fourth Amendment and
complies with applicable statutes and regulations. Even if OEO
recommends authorizing a request, the application cannot go to a court
without approval by a Deputy Assistant Attorney General or higher-level
official in the Department. The fact that not a single application for
electronic surveillance under Title III was rejected by a federal court
in all of 2003 is a testament to the vigilance and care the Department
takes when asking for this authority.
If the Department of Justice approves a federal Title III request,
it still must, of course, be submitted to and approved by a court of
proper jurisdiction. The court will evaluate the application under the
Fourth Amendment and using the familiar standards of Title III. By
statute, for example, the application to the court must show, through
sworn affidavit, why the intercept is necessary as opposed to other
less-intrusive investigative techniques. The application must also
provide additional detail, including whether there have been previous
interceptions of communications of the target, the identity of the
target (if known), the nature and location of the communications
facilities, and a description of the type of communications sought and
the offenses to which the communications relate. By statute and
internal Department regulation, the interception may last no longer
than 30 days without an extension by the court. All intercepted
communications are sealed by the court, further protecting privacy.
Often courts also impose their own safeguards. For example, many
federal courts require that the investigators provide periodic reports
to the court setting forth information such as the number of
communications intercepted, the steps taken to minimize irrelevant
traffic, and whether the interceptions have provided information
relevant to the criminal investigation. The court may, of course,
terminate the interception at any time.
It is only after we have complied with these comprehensive
regulatory, statutory, and Constitutional protections that CALEA comes
into play and ensures that a court order can be implemented. Our recent
filings with the FCC do not seek to change any part of this carefully
calibrated system.
B. Implementation of CALEA Will Help Protect Privacy.
It is important to make clear that CALEA, itself, actually provides
critical protection of privacy rights. The argument that full
implementation of CALEA will threaten individual privacy rights is
simply misguided. CALEA strikes a delicate balance among three
sometimes competing goals: ``(1) to preserve a narrowly focused
capability for law enforcement agencies to carry out properly
authorized intercepts; (2) to protect privacy in the face of
increasingly powerful and personally revealing technologies; and (3) to
avoid impeding the development of new communications services and
technologies.'' H.R. Rep. No. 103-827, at 13. As the House of
Representatives explained in the report, ``the bill further protects
privacy by requiring the systems of telecommunications carriers to
protect communications not authorized to be intercepted.'' Id. at 10.
CALEA addresses privacy concerns in two ways. First, it requires
that providers be able to separate out the communications involving the
equipment, facilities, or services of the particular subscriber whose
communications law enforcement has an order to intercept. This
provision promotes both efficiency and privacy. Second, CALEA requires
that a service provider be able to separate out call-identifying
information from the content of communications. This protects the call
content from law enforcement access where law enforcement only has
legal grounds to obtain the call-identifying information. CALEA Section
103; 47 U.S.C. 1002. A carrier's compliance with CALEA when
implementing a court-ordered wiretap or a pen register order thus
protects individuals' privacy rights.
C. In Keeping with the Provisions of CALEA, the Department of Justice
Does not Seek to Dictate the Design of Telecommunications
Systems.
It is also important to stress that the Department does not seek to
dictate the design of new telecommunications systems. In fact, CALEA
explicitly prohibits any such undertaking by providing that it ``does
not authorize any law enforcement agency or officer . . . to require
any specific design . . . to be adopted by any provider [or]
manufacturer . . . ,'' and it does not authorize any law enforcement
agency or officer ``to prohibit the adoption of any equipment,
facility, service, or feature by any provider . . . [or]
manufacturer.'' CALEA Section 103, 47 U.S.C. 1002(b)(1).
What the Department does seek is to ensure that new communications
services and features to which CALEA applies are deployed with CALEA
solutions in place whenever feasible. Indeed, Section 106 of CALEA
mandates that carriers consult with manufacturers ``as necessary, in a
timely fashion'' to ensure ``that current and planned equipment,
facilities, and services comply with [CALEA] capability
requirements[.]'' 47 U.S.C. 1005 (emphasis added). CALEA solutions may
be developed by individual service providers or by industry, but they
must be developed. Any amount of time that a terrorist or other
dangerous criminal can use a communications service without a
capability for court-ordered interception is too long.
D. The Department is Not Seeking to Re-allocate the Costs of CALEA
Implementation.
Finally, the Department is not seeking to re-allocate the costs of
CALEA implementation to industry or consumers. It is CALEA itself that
places any cost burden on telecommunications carriers in the first
instance, rather than on the government, for equipment, facilities, and
services installed or deployed after January 1, 1995. CALEA Section
109(b); 47 U.S.C. 1008(b). This same provision, however, also allows
carriers to seek a determination of whether implementation of a CALEA
solution is ``reasonably achievable'' in light of costs and other
issues and allows carriers to seek compensation for costs or reprieve
in some circumstances. CALEA recognizes that the greatest cost
efficiency can usually be achieved by building intercept solutions into
a system's initial design prior to deployment, rather than as a
retrofit.
VIII. CONCLUSION
Now, ten years after the enactment of CALEA, we must not back away
from the important principles behind CALEA. If anything, it is even
more critical today than in 1994 that advances in communications
technology not provide a haven for criminal and terrorist activity.
While we recognize the desirability of and need for the development and
deployment of advanced telecommunications technologies, we must at the
same time act responsibly to preserve the national security and public
safety mandates of CALEA. The Department of Justice appreciates this
Subcommittee's leadership in seeking to promote new telecommunications
technologies in a manner that addresses these national security
interests, and we thank you for your continuing support.
Mr. Upton. Thank you. Thank you very much.
Mr. Thomas.
STATEMENT OF MARCUS C. THOMAS
Mr. Thomas. Thank you.
Good morning, Chairman Upton, members of the subcommittee.
I am grateful for this opportunity to discuss this important
national security and public safety issue, law enforcement's
access to communication systems in the digital age.
Let me say up front that I believe it's important to state
that the FBI and the law enforcement community recognize the
importance of the continued development and adoption of
innovative technologies to insure that the United States
remains a leader in today's competitive global marketplace. I
believe that public safety, national security, and technology
innovation can all be served by good policy.
I also do not think anyone seriously challenges the need
for law enforcement and national security communities to be
able to conduct court authorized electronic surveillance. There
is no doubt that wiretaps produce powerful intelligence and
evidence against the most dangerous criminals and terrorists.
When police cannot use other investigative techniques to safely
and successfully collect evidence and intelligence, they often
use wiretaps to catch criminals with words uttered from their
own mouths.
Concerns regarding the serious threat to our capabilities
are not limited to the United States law enforcement and
national security communities. Worldwide new laws are being
implemented that are intended to require network providers to
furnish communications interception services to government
agencies.
The technical assistance of communications service
providers in helping law enforcement agencies to execute an
electronic surveillance order is always important, and in many
cases it's absolutely essential. This circumstance has proven
to be the case increasingly with the advent over the past 10
years or so of complex new systems, services and features.
In the House report accompanying CALEA when it was passed
in 1994, the purpose of the legislation was clearly set out to
make clear telecommunications carriers' duty to cooperate in
the interception of communications for law enforcement
purposes.
In short, CALEA's intent was to mandate through service
provider cooperation access where advancing technology would
otherwise preclude it.
Despite the fact that since the enactment of CALEA there
have been technological advancements that few of us could have
foreseen, the implementation of CALEA has been successful.
Referring to the most recent wiretap report published annually
by the Administrative Office of the United States Courts, more
than 70 percent of all criminal wiretap authorizations listed
were through CALEA compliant capabilities.
In recent years, the FBI has found that there are greater
and more diverse challenges in effectuating the electronic
surveillance orders within modern networks than with
conventional telephony networks operated by traditional
telecommunications carriers.
In order to implement electronic surveillance orders in
these diverse networks, the FBI has relied on elaborate and
costly technical approaches to insure that only messages for
which there's probable cause to intercept are, in fact,
intercepted, and that all such authorized messages are
intercepted.
As a result, it has become increasingly common for the FBI
to seek and for judges to issue orders for Title III or FISA
interceptions which are much more complex and detailed and much
more likely to be directed to multiple network operators and
service providers than earlier orders which are ordinarily
directed against a single plain, old telephone service
provider.
The issue that I have described may be too complex for one
remedy to solve. Like so many issues we try to deal with today,
the future success of law enforcement electronic surveillance
will depend upon a multi-pronged approach. In response to the
challenges presented by rapid technological advances, the FBI
and law enforcement community have been using all available
means to implement their mission, to protect national security
and public safety.
In my written testimony, I included a list of significant
issues which we are addressing, including technology
advancements, industry cooperation, third party services,
industry standards and specifications, law enforcement
coordination and costs. I would encourage the subcommittee and
the rest of the members discussing these issues to keep in mind
the need for continued access by U.S. law enforcement to our
Nation's communications infrastructures.
Experience has proven that statutorily imposed
responsibilities must necessarily be one element of the
solution, but not the only element. As such, we must continue
to have statutory mandates such as CALEA and build upon them
using varied tools, including incentives.
In conclusion, I'd like to say over the past 10 years or
more, we have witnessed continued steady growth in computer and
Internet related crimes, including extremely serious acts in
furtherance of terrorism, espionage, infrastructure attack, as
well as more conventional serious and violent crimes.
These activities, which even now are being planned and
carried out, in part using the Internet and other complex
networks and services, pose challenges to the national security
and law enforcement communities that we dare not fail to meet.
In turn, the ability of the FBI and law enforcement
community to effectively investigate and prevent these serious
crimes is, in part, dependent upon our ability to lawfully and
effectively intercept and acquire vital intelligence and
evidence of crimes and our ability to promptly respond to these
threats to the American public. As the networks become more
complex so does the challenge placed upon us to keep pace.
I look forward to working with the subcommittee staff to
provide more information and welcome your suggestions to this
important national security and public safety issue. Thank you
for including my written testimony in the record, and I'll be
happy to answer questions.
Thank you.
[The prepared statement of Marcus C. Thomas follows:]
Prepared Statement of Marcus C. Thomas, Deputy Assistant Director,
Investigative Technology Division, Federal Bureau of Investigation
Good morning, Chairman Upton, Ranking Member Markey, and Members of
the Subcommittee, I am grateful for this opportunity to discuss this
important national security and public safety issue: law enforcement's
access to communications systems in the digital age. I would like to
start by briefly outlining a historical framework of court-authorized
electronic surveillance in highly-complex communications networks, then
discussing the situation in which the law enforcement community
currently finds itself, and some of the problems with which we are
currently dealing. Lastly, I would like to briefly discuss some of our
ongoing efforts intended to address a number of these problems.
BACKGROUND
Prior to delving into the subject of electronic surveillance, I
believe it is important to state that the FBI and the law enforcement
community recognize the importance of the continued development and
consumer adoption of innovative technologies to ensure the United
States remains a leader in today's competitive, global marketplace. One
of the fundamental requirements for preserving national security, the
privacy of our citizens, and public safety is ensuring that United
States national security and law enforcement agencies are able to
securely and effectively use lawful process to gather evidence and
intelligence during investigations. We remain extremely concerned about
the very serious, public safety and national security threat posed by
the misuse of technologies that hamper lawfully-authorized electronic
surveillance of communications occurring over their systems. I believe
that public safety, national security, and technological innovations
can be served by good policy. .
I do not think anyone seriously challenges the need for the law
enforcement and national security communities to be able to conduct
court-authorized electronic surveillance. There is no doubt wiretaps
produce powerful intelligence and evidence against the most dangerous
criminals and terrorists. When police cannot use other investigative
techniques to safely and successfully collect evidence and
intelligence, they often use wiretaps to catch and convict criminals
with words uttered from their own mouths. Concerns regarding this
serious threat are not limited to the United States law enforcement and
national security communities. Worldwide, new laws are being
implemented that are intended to require network providers to furnish
communications interception services to government agencies.
The issue I have just described may be too complex for one remedy
to solve. Like so many issues we try to deal with today, the future
success of lawful electronic surveillance will depend on a multi-
pronged approach. In some instances, responsibilities mandated of a
service provider are the appropriate course of action. In others, to
meet the exigent needs of law enforcement, industry cooperation can be
the most constructive avenue of pursuit. Finally, any approach would be
incomplete without considering law enforcement's own abilities. I am
here today, mere days before the third anniversary of September 11th,
to stress the importance of the outcome of our discussion: law
enforcement's continued ability to conduct lawful electronic
surveillance to ensure national security and public safety.
TECHNICAL ASSISTANCE REQUIREMENTS
As the Subcommittee is aware, there are two federal statutory
regimens pertaining to electronic surveillance one regarding criminal
investigations; the other regarding foreign intelligence,
counterintelligence, and terrorism investigations. The former is
derived from Title III of the Omnibus Crime Control and Safe Streets
Act of 1968 (commonly referred to as ``Title III''), as amended, and
portions of the Electronic Communications Privacy Act of 1986 (ECPA),
as amended. The latter is derived from the Foreign Intelligence
Surveillance Act of 1978 (FISA), as amended. Regardless of the
statutory regimen, Congress took action in 1994 to mandate
telecommunications carriers, and others as identified by the FCC, to
ensure their networks were capable of conducting electronic
surveillance.
The technical assistance of communications service providers in
helping a law enforcement agency execute an electronic surveillance
order is always important, and in many cases it is absolutely
essential. This circumstance has proven to be the case increasingly
with the advent, over the past ten years or so, of advanced
communications services and features. Accordingly, Title III and FISA,
as well as most state electronic surveillance laws, mandate service
provider assistance incidental to law enforcement's execution of
electronic surveillance orders.
Title III specifies that a ``service provider, landlord, custodian,
or other person shall furnish the applicant forthwith all information,
facilities, and technical assistance necessary to accomplish the
interception unobtrusively and with a minimum of interference . . .''
upon the request of the applicant (specifically, law enforcement). In
practice, judges sign two orders: one order authorizing the law
enforcement agency to conduct the electronic surveillance, and a second
(abbreviated) assistance order directed to the service provider
specifying, for example, the telephone number(s) of the subject that
are the object of the order and directing the provision of necessary
assistance.
Historically, assistance sought by law enforcement agencies was
rather straightforward and basic. For example, law enforcement agencies
sought and received service provider assistance to identify line
appearance information (i.e., locating the physical appearance of a
subject's line) and to establish leased lines running from the point of
interception to a monitoring facility of the law enforcement agency.
This model was very effective prior to the advent of advanced calling
features and the introduction of mobile communications. Likewise, law
enforcement agencies have historically paid reasonable expenses for
such administrative assistance.
In 1994, as a result of the emergence of an ever increasing array
of new services and features, many of which would have impeded, if not
precluded, normal electronic surveillance efforts by obstructing lawful
access, Congress passed, and the President signed into law, the
aforementioned CALEA legislation. In the House Report accompanying
CALEA, the purpose of the legislation was clearly identified: ``to make
clear a telecommunications carrier's duty to cooperate in the
interception of communications for law enforcement purposes . . .''.
That is to say that a primary purpose of CALEA was to clarify and
strengthen the statutory requirement that service providers furnish
``all'' technical assistance necessary to accomplish the interception--
meaning to design and build into their networks the capability and
capacity requirements needed by law enforcement. It is not enough just
to be willing to assist; rather, service providers must actually be
capable of making that assistance possible in a rapidly changing
technological world. In short, CALEA's intent was to mandate access
where advancing technology would otherwise preclude it.
Despite the fact that in the years since the enactment of CALEA
there have been technological advancements few of us could have
foreseen, CALEA has proven essential to law enforcement successes. In
the most recent Wiretap Report (published annually by the
Administrative Office of the United States Courts), 80 percent of
wiretap authorizations were for cellular or mobile telephones. Of that
number, I am pleased to tell you approximately 90 percent were
conducted using technical solutions developed specifically in response
to the assistance capability requirements identified in CALEA. In other
words, more than 70 percent of all criminal wiretap authorizations were
``CALEA-compliant.'' Looking to the future, our success with CALEA's
application to cellular telephones can be seen as a model. Prior to the
passage of CALEA the 1991 Wiretap Report identified that cellular
phones accounted for approximately one percent of wiretap
authorizations. CALEA provided a framework to ensure law enforcement's
lawful access as criminals migrated to the new technology. I believe we
are at the point with Voice over Internet Protocol (VoIP) today that we
were with cellular telephones in the early 1990s--with one significant
difference: all service providers, both wireline and wireless, have an
incentive to migrate their networks to an IP platform. What that means
is the transition to a VoIP infrastructure is occurring very quickly.
In recognition of this rapid change, we have petitioned the Federal
Communications Commission to make clear that CALEA applies to certain
forms of I.P. telephony services. We feel this is critical to
protecting law enforcement interests.
It is important to note that the requirement for service provider
assistance under 18 U.S.C. 2518(4) remains in full force and effect,
notwithstanding the applicability of CALEA, and requires service
providers to do whatever reasonably can be done to comply with
assistance court orders issued by judges. In other words, even when
CALEA does not apply, the service provider (or ``landlord, custodian,
or other person'') served with a court order for surveillance is
legally required to do whatever can reasonably be done to implement the
order.
CURRENT TECHNOLOGY AND POLICY ISSUES
Perhaps the most significant technological challenges in the area
of electronic surveillance faced by the law enforcement and national
security communities have been those challenges brought on by
convergence. Convergence refers to the blurring of lines among
traditionally distinct communications products, services, and
regulatory structures and can be thought of as the ability (technically
and legally) of different network platforms to carry essentially the
same kinds of services (so-called network-independence) as well as the
ability of a single network platform to carry many different kinds of
services (so-called service-independence). Such network/service
independence is perhaps most evident in the blurring of wireless and
wireline network services, but also in the blurring of data and voice
services. The most relevant instrument of change with regard to such
convergence has been the emergence of IP networks.
In recent years, the FBI has found that there are greater and more
diverse challenges in effectuating electronic surveillance orders
within modern networks than with ``conventional'' telephony networks
operated by traditional telecommunications carriers. In order to
implement electronic surveillance orders in these diverse networks, the
FBI has relied on elaborate and costly technical approaches to ensure
that only messages for which there is probable cause to intercept are,
in fact, intercepted and that all such authorized messages are
intercepted. As a result, it has become increasingly common for the FBI
to seek, and for judges to issue, orders for Title III or FISA
interceptions which are much more complex and detailed, and much more
likely to be directed to multiple network operators and service
providers, than earlier orders, which were ordinarily directed against
a single ``plain old telephone services'' provider.
It is important to point out that, when CALEA was passed in 1994,
the Internet was a nascent consumer technology, the World Wide Web was
only really coming into existence in the laboratory, and wireless
telephones were largely voice-only devices and not the web-enabled
devices we see today. Nevertheless, the Congress, with CALEA, was
attempting to address the complex and varied communications services
that we now see.
LAW ENFORCEMENT RESPONSE
In response to the challenges presented by rapid technological
advances, law enforcement has been using all available means to
implement its mission to protect national security and public safety.
First, law enforcement has sought to ensure compliance with CALEA. In
keeping with the spirit of Congress's intent when enacting CALEA, the
FBI has not sought to apply its requirements either recklessly or
broadly to those to whom it should not apply. Because neither CALEA,
nor any other single approach, is viewed as the absolute solution for
law enforcement's electronic surveillance problems, the FBI and other
law enforcement agencies have worked continually to augment CALEA
requirements with government capabilities. In this regard, we have
worked to develop close liaison relationships with the Information
Technology industry as a means of addressing the public safety and
national security issues associated with electronic surveillance and
the use of technologies which tend to hamper our legitimate
interception efforts. Over the past several years, we have been
aggressively pursuing an industry outreach strategy to inform the
Information Technology industry of law enforcement's needs in the area
of electronic surveillance, to continue to encourage the development of
interception capabilities that meet law enforcement's needs, and to
seek industry's assistance regarding the development of law enforcement
tools and capabilities when complex technologies are encountered during
the course of lawful investigation. As a result of this strategy, we
have seen a number of significant advancements which should be further
pursued and emulated.
First, we have seen a number of technological developments which
have led to the marketing of comprehensive technical tools designed, in
part, to perform electronic surveillance within the complex environment
of the Internet. These tools, which are designed to be implemented and
operated by a service provider, have greatly extended the capability to
effectuate lawful electronic surveillance on ISP networks. Several
companies have aggressively developed and marketed such tools.
Second, the FBI and the law enforcement community have always, as a
first instinct, sought to work cooperatively and closely with computer
network service providers and their software and equipment
manufacturers to develop lawful interception capabilities, especially
where legal, evidentiary, and investigative imperatives require special
purpose tools. As a result, a number of network operators and service
providers have acquired and implemented lawful interception
capabilities.
Third, we have seen the emergence of so-called ``third-party
services''--companies, largely utilizing the tools mentioned above,
marketing electronic surveillance services to both the network operator
community and the law enforcement community. One such third party
service provider provides telecommunications network operators, cable
operators, and ISPs with a streamlined service to help meet
requirements for assisting government agencies with lawful interception
and subpoena requests for subscriber records. With respect to third-
party service providers, law enforcement sees them as one potential
avenue for telecommunications network operators, cable operators, and
ISPs to meet their obligations under Title III and/or FISA. Employing a
third party may, for example, make a service provider's processes more
efficient, but in no way should be seen as relieving the service
provider of its electronic surveillance obligations. I liken third-
party services to other out-sourced services such as payroll
administration, where the third party handles the paperwork, but the
buck stops with the company that pays the bill.
Fourth, we have seen a truly commendable effort on the part of
CableLabs, an industry trade consortium representing many cable
companies, along with Time-Warner, Comcast, CableVision and Cox
Communications, to develop and publish a set of technical standards
which, on their face, meet law enforcement needs with regard to
electronic surveillance capabilities. This standard was developed in a
spirit of cooperation which began by recognizing the legitimacy of law
enforcement's needs and duties and the unique position industry is in
to ensure that our public safety and national security missions are
fulfilled.
Fifth, as always, we have seen the law enforcement community pull
together in the face of this issue. Speaking for the FBI, I can say
that many of our technologies, systems, and processes developed for our
own use have been made available, to the extent possible, to the
greater law enforcement community, including other federal law
enforcement agencies as well as state and local agencies. Nonetheless,
the challenges are daunting, and the federal government cannot shoulder
this burden alone. Even with federal assistance, state and local law
enforcement are currently having significant problems effectuating
their interception orders, and the situation will only grow worse.
Finally, another important issue regarding lawful interception
which must be addressed is that of cost. One inescapable fact is that
lawful electronic surveillance in this modern ``digital age'' is
increasingly complex and rapidly changing. Both of these circumstances
have the effect of increasing the overall cost of electronic
surveillance. Unfortunately, on this issue, there is no returning to
the ``days of old'' where policemen hunkered down in panel vans on the
street corner recording wiretaps on reel-to-reel tape. For now, and for
evermore, there is a new baseline for costs associated with this work.
I will leave you with a last thought regarding the capability of
law enforcement agencies to lawfully access communications in a
``digital age,'' and that is this: without the ``high tech'' industry
assisting the government in this effort, our challenge will be greater.
Law enforcement must have the continued ability to cost-effectively
conduct lawful electronic surveillance to ensure national security and
public safety. As I mentioned earlier, this is a complex issue that
needs a multi-pronged solution. Industry must be engaged and must
involve itself in that solution. I would encourage this Subcommittee
and the rest of Congress, when discussing the issue, to keep in mind
the need for continued access by U.S. law enforcement to our nation's
communications infrastructures. Experience has proven that statutorily-
imposed responsibilities must necessarily be one element of the
solution but not the only element. As such, we must continue to have
statutory mandates such as CALEA and build on them, using varied tools,
including incentives.
In conclusion, I would like to say that over the last ten years or
more, we have witnessed continuing, steady growth in computer and
Internet-related crimes, including extremely serious acts in
furtherance of terrorism, espionage, infrastructure attack, as well as
more conventional serious and violent crimes. These activities which
even now are being planned or carried out, in part using the Internet
and other complex networks and services, pose challenges to the
national security and law enforcement communities that we dare not fail
to meet. In turn, the ability of the FBI and the law enforcement
community to effectively investigate and prevent these serious crimes
is, in part, dependent upon our ability to lawfully and effectively
intercept and acquire vital intelligence and evidence of crimes and our
ability to promptly respond to these threats to the American public. As
the networks become more complex, so too does the challenge placed upon
us to keep pace.
I look forward to working with the Subcommittee staff to provide
more information and welcome your suggestions on this important
national security and public safety issue: law enforcement's access to
communications systems in the digital age. I will be happy to answer
any questions that you may have. Thank you.
Mr. Upton. Thank you.
Mr. Knapp.
STATEMENT OF JULIUS P. KNAPP
Mr. Knapp. Chairman Upton, members of the subcommittee,
good morning. I welcome this opportunity to discuss the FCC's
activities to implement the Communications Assistance for Law
Enforcement Act, or CALEA, for short.
The FCC is strongly committed to insuring the
telecommunications carriers provide law enforcement agencies
with the surveillance capabilities that are required under
CALEA. We recognize the vital importance of lawfully authorized
surveillance in combatting crime and insuring homeland
security.
The FCC also recognizes that in providing these
capabilities, we must not compromise other important
objectives, such as avoiding impediments to new technologies
and services, protecting personal privacy, and minimizing the
impact on consumers.
The CALEA statute was passed in 1994 with the purpose of
preserving the government's ability pursuant to court order or
other lawful authorization to intercept communications
involving advanced technologies, such as digital or wireless
transmission modes. Great changes in technology have occurred
over the past 10 years which have challenged the ability of law
enforcement to conduct lawfully authorized surveillance.
Most notably, there has been a rapid shift from circuit
mode to packet mode technologies with an array of new services,
such as broadband Internet access and Voice Over Internet
Protocol, or VoIP, now offered to businesses and consumers.
The FCC has been proud to facilitate this communications
revolution by minimally regulating these new services to
promote increased competition in the introduction of new
services for businesses and consumers. These changes from a
circuit based to a packet based world will have a profound
effect on the way we communicate.
However, in the midst of this communications revolution,
there has been an upsurge in dangerous criminal activity,
including terrorism. Accordingly, the FCC must insure that
CALEA's intent is carried out and that lawfully authorized
electronic surveillance is not compromised by new technologies.
On August 4, 2004, the FCC adopted a notice of proposed
rulemaking and declaratory ruling to launch a thorough
examination of the appropriate legal and policy framework for
implementing CALEA. This proceeding was initiated in response
to a joint petition filed by the Department of Justice, Federal
Bureau of Investigation, and Drug Enforcement Administration in
March 2004.
These parties state that several issues require immediate
attention and resolution by the FCC so that industry and law
enforcement have clear guidance as CALEA implementation moves
forward.
The notice of proposed rulemaking, or ``notice'' for short,
addresses a number of areas, including the applicability of
CALEA to broadband Internet access and VoIP, capability
requirements and solutions, compliance extensions, and cost and
cost recovery issues.
The notice tentatively concludes that CALEA's provisions
apply to facilitates based providers of any type of broadband
Internet access service, including wire line, cable modem,
satellite wireless, and power line, and to managed or mediated
voice over Internet protocol service. The notice finds that
these services fall under CALEA as a replacement for a
substantial portion of the local telephone exchange service.
The notice also solicits comment on what would be a
reasonable amount of time for entities that heretofore have not
been subject to CALEA to comply with its requirements.
The companion declaratory ruling clarifies that commercial
wireless push-to-talk services are subject to CALEA regardless
of the technologies that providers choose to use in offering
them.
As Chairman Powell noted in his statement on the CALEA
notice, our support for law enforcement is unwavering. The FCC
looks forward to developing a complete and comprehensive record
before determining how to best proceed. We will devote the
necessary resources to expeditiously and responsibly complete
this task.
I would like to thank you, Mr. Chairman, for the
opportunity to appear before you today. This concludes my
testimony, and I would be pleased to answer any questions you
or this committee may have.
Thank you.
[The prepared statement of Julius P. Knapp follows:]
Prepared Statement of Julius P. Knapp, Deputy Chief, Office of
Engineering and Technology, Federal Communications Commission
Mr. Chairman, Ranking Member, and Members of the Subcommittee: Good
morning. I am Julius Knapp, Deputy Chief of the Office of Engineering
and Technology at the Federal Communications Commission (FCC or
Commission). I welcome this opportunity to discuss the FCC's activities
to implement the Communications Assistance for Law Enforcement Act
(CALEA).
The FCC, under Chairman Powell's leadership, is absolutely
committed to ensuring that telecommunications carriers provide law
enforcement agencies (LEAs) with the surveillance capabilities that are
required under CALEA. The Commission recognizes the vital importance of
lawfully authorized surveillance in combating crime and ensuring
Homeland Security and intends for our recently initiated proceeding to
continue this ability. The FCC also recognizes that in providing these
capabilities we cannot compromise other important objectives, such as
avoiding impediments to new technologies and services, protecting
personal privacy, and minimizing the impact on consumers.
INTRODUCTION
Since 1970, telecommunications carriers have been required to
cooperate with LEAs to assist their conduct of electronic surveillance.
The CALEA statute was passed in 1994 with the purpose of preserving the
government's ability, pursuant to court order or other lawful
authorization, to intercept communications involving advanced
technologies such as digital or wireless transmission modes, while
protecting the privacy of communications and without impeding the
introduction of new technologies, features and services. Jurisdiction
to implement CALEA's provisions is shared by the Attorney General of
the United States, who consults with state and local LEAs, and the FCC.
Effective implementation of CALEA's provisions relies to a large extent
on shared responsibility among these governmental agencies and the
service providers and manufacturers subject to the law's requirements.
Great changes in technology have occurred over the past ten years,
which have challenged the ability of LEAs to conduct lawful
surveillance. Most notably, there has been a rapid shift from circuit-
mode to packet-mode technologies, with an array of new services such as
broadband Internet access and Voice over Internet Protocol (VoIP) now
offered to consumers and businesses. The FCC has been proud to
facilitate this communications revolution by minimally regulating these
new services to promote increased competition and the introduction of
new services for consumers and businesses.
These changes from a circuit-based world to a packet-based world
will have a profound effect on the way we communicate. As my colleague
Jeff Carlisle, now Chief of the FCC's Wireline Competition Bureau,
noted just two months ago in testimony before this Subcommittee, voice
is gradually becoming nothing more than one application of many over a
multiuse digital network, where users may obtain a wide variety of
services from multiple sources. For example, VoIP accelerates the
migration to digital multiuse broadband infrastructures and
internationalizes voice communications, allowing customers to buy voice
applications from providers around the world. From the outset of this
sea change, the Commission has stressed that important law enforcement
obligations must be a part of any regulatory regime. And indeed, the
very real threat of terrorism coupled with day-to-day criminal activity
will not permit anything short of full CALEA compliance.
Against the backdrop of the advancing digital migration and facing
these new challenges, the FCC is moving forward to ensure that CALEA's
intent is fully carried out and that lawfully-authorized electronic
surveillance is not compromised by new technologies--while at the same
time not compromising the new technologies themselves.
PAST FCC RULEMAKINGS
In 1997, the FCC initiated a rulemaking proceeding to begin the
implementation of CALEA, and over the next several years took a number
of significant actions in that proceeding, focusing largely on circuit-
switched technologies. Specifically, in an August 1999 Second Report
and Order, the FCC concluded that the language and legislative history
of CALEA provided sufficient guidance as to what the term
``telecommunications carrier'' means, such that the statute could be
applied to particular carriers, their offerings and facilities. The
Second Report and Order also stated that CALEA does not apply to
certain entities and services, including information services and
private network services. In a companion Third Report and Order, the
FCC required that wireline, cellular, and broadband Personal
Communications Services carriers implement all electronic surveillance
capabilities of an industry-developed standard, as well as some
additional capabilities requested by the Department of Justice and the
Federal Bureau of Investigation.
CURRENT FCC RULEMAKING
In March 2004, the Department of Justice, Federal Bureau of
Investigation, and Drug Enforcement Administration (collectively, Law
Enforcement) filed a joint petition requesting that the FCC initiate a
new rulemaking proceeding to resolve, on an expedited basis, issues
associated with the implementation of CALEA. In its Petition, Law
Enforcement maintains that outstanding implementation issues require
immediate attention and resolution by the FCC, so that industry and
federal, state, and local LEAs have clear guidance as CALEA
implementation moves forward, particularly as communications technology
changes. The Petition was placed on Public Notice on March 12, 2004;
comments were due by April 12, 2004 and reply comments were due by
April 27, 2004. The Commission received comments from LEAs, cable
organizations, Internet and broadband companies/organizations, privacy
and public interest groups, standards and technology groups, wireless
companies/ organizations, and wireline companies/organizations.
On August 4, 2004, the FCC adopted a Notice of Proposed Rule Making
and Declaratory Ruling (Notice) to launch a thorough examination of the
appropriate legal and policy framework for implementing CALEA. In the
item, the FCC states that it will be guided by several policy goals as
it updates its CALEA policies: First, the FCC wishes to ensure that
LEAs have all of the resources that CALEA authorizes to combat crime
and support Homeland Security. Second, the FCC recognizes that LEAs'
needs must be balanced with the competing policies of avoiding impeding
the development of new communications services and technologies and
protecting customer privacy. Third, the FCC intends to remove to the
extent possible any uncertainty that is impeding CALEA compliance,
particularly for packet-mode technologies.
The Notice addresses a number of areas, including the applicability
of CALEA to broadband Internet access and VoIP, capability requirements
and solutions, compliance extensions, and cost and cost recovery
issues. Each of these topics is discussed below.
Applicability of CALEA to Broadband Internet Access and VoIP
The Notice observes that CALEA applies to ``telecommunications
carriers'' and exempts persons or entities insofar as they are engaged
in providing ``information services.'' The CALEA statute contains its
own unique definition of the term ``telecommunications carrier.''
Specifically, for purposes of CALEA, a ``telecommunications carrier''
is a person or entity engaged in the transmission or switching of wire
or electronic communications as a common carrier for hire, but also
includes entities that provide a replacement for a substantial portion
of the local telephone exchange service if the FCC deems those entities
to be ``telecommunications carriers'' as well. The Notice refers to
this latter clause of the definition as the ``Substantial Replacement
Provision.''
The Notice tentatively concludes that, where a service provider is
found to fall within the Substantial Replacement Provision, it should
be deemed a ``telecommunications carrier'' for purposes of CALEA, to
which CALEA obligations would apply. If, at the same time, the FCC
interpreted CALEA's information services exclusion to apply, it would
present an irreconcilable tension; that is, particular service
providers would find themselves at the same time subject to CALEA under
the Substantial Replacement Provision and exempted from it by virtue of
the information services exclusion. The Notice tentatively concludes
that the better reading of the statute is to recognize and give full
effect to CALEA's broader definition of ``telecommunications carrier''
and to interpret the statute to mean that where a service provider is
determined to fall within the Substantial Replacement Provision, by
definition it cannot be providing an information service for purposes
of CALEA.
The Notice also tentatively concludes that facilities-based
providers of any type of broadband Internet access, including but not
limited to wireline, cable modem, satellite, wireless, and broadband
access via powerline, are subject to CALEA because they provide
replacement for a substantial portion of the local telephone exchange
service used for dial-up Internet access service and such treatment is
in the public interest. This tentative conclusion is based on the
premise that broadband Internet access includes switching and
transmission functionality and it replaces a substantial portion of the
local exchange service used for narrowband Internet access.
The Notice observes that, at the time CALEA was enacted, Internet
services were generally provided on a dial-up basis by two separate
entities providing two different capabilities--a local exchange
telephone company carrying the calls between an end user and its chosen
Internet Service Provider (ISP), and the ISP providing e-mail, content,
web hosting and other Internet services. In its Report on the CALEA
statute, the House of Representatives was quite clear as to the status
of these different entities under CALEA: The local exchange carrier
providing the local exchange transmission service that enabled the call
to that dial-up ISP--``the transmission of an E-mail message''--was
covered as a telecommunications carrier providing a ``plain old
telephone service'' or ``POTS'' functionality (a ``phone call''). By
contrast, the separate ISP was not subject to CALEA because the
functions it provided--such as the storage of a message in an E-mail
`box' ''--were ``information services.'' The Notice's tentative
conclusion respects the House's understanding and does not propose
attaching CALEA obligations to services or applications that ``ride
over'' the underlying broadband transmission, such as e-mail storage,
web browsing capabilities and Internet gaming.
The Notice also tentatively concludes that providers of ``managed''
VoIP services, in which the provider acts as mediator to manage the
communication between its end points and offers the service to the
general public as a means of communicating with any telephone
subscriber, including parties reachable only through the public
switched telephone network (PSTN) are subject to CALEA. Such VoIP
service providers offer an electronic communications switching or
transmission service that replaces a substantial portion of local
exchange service for their customers in a manner functionally the same
as POTS service. The FCC believes that there is an overriding public
interest in maintaining LEAs' ability to conduct wiretaps of on-going
voice communications that are taking place over networks that are
rapidly replacing the traditional circuit-switched network, yet
providing consumers essentially the same calling capability that exists
with legacy POTS service.
Further, the Notice observes that it appears that basic
capabilities essential to LEAs' surveillance efforts, such as access to
call management information (e.g., call forwarding, conference call
features such as party join and drop) and call set up information
(e.g., real time speed dialing information, post-dial digit extraction
information) may not be reasonably available to the broadband access
provider. Consequently, subjecting only the broadband access provider
to CALEA without including managed VoIP service providers could
undermine LEAs' surveillance efforts.
Capability requirements and solutions
The Notice seeks comment on telecommunications carriers' capability
obligations under section 103 of CALEA. Section 103 requires
telecommunications carriers to enable LEAs, pursuant to a court order
or other lawful authorization, (1) to intercept, to the exclusion of
other communications, wire and electronic communications carried by the
carrier to or from a subject, and (2) to access call-identifying
information that is reasonably available to the carrier, subject to
certain conditions. Further, the interception of communications or
access to call-identifying information is to be delivered to LEAs in a
format that may be transmitted over the equipment, facilities or
services procured by LEAs, to a location other than the provider's
premises and in a way that protects the privacy and security of
communications and information not authorized to be intercepted or
accessed.
The Notice observes that CALEA defines call-identifying information
as dialing or signaling information that identifies the origin,
direction, destination, or termination of each communication generated
or received by a subscriber by means of any equipment, facility, or
service of a telecommunications carrier. The exact application of that
term is not always clear in the context of broadband access and VoIP
services. Call-identifying information may be found within several
encapsulated layers of protocols, some of which may be considered
packet content. The Notice invites comment as to how the FCC should
apply that term for broadband and VoIP services. The Notice also
invites comment on who may be in the best position to provide this
information.
The Notice observes that telecommunications carriers may use
whatever method they choose to satisfy CALEA's requirements. CALEA
requires that LEAs and industry work cooperatively to develop standards
that would serve as ``safe harbors.'' In other words, if a
telecommunications carrier employs an industry-developed standard, it
would be deemed compliant with CALEA.
Under CALEA, any party may petition the FCC to address deficiencies
in industry ``safe-harbor'' standards. While Law Enforcement has
criticized certain of the industry standards, no petitions have been
filed asking the FCC to intervene. The Notice invites comment as to
whether standards for packet-mode technologies are deficient and thus
preclude carriers from relying on them as safe harbors for complying
with CALEA.
The Notice also invites comment on the feasibility of carriers
relying on a trusted third party to manage their CALEA obligations. The
trusted third party effectively acts as a surveillance service provider
by collecting the packets from the carrier's network, extracting the
information to which a LEA is entitled, and conveying it in an
acceptable format to that LEA. Such an approach is already being used
in both the United States and other parts of the world.
Compliance extensions
The Notice proposes several steps to ensure that telecommunications
carriers comply with CALEA. CALEA section 107(c) provides that
telecommunications carriers may request, and the FCC, after
consultation with the Attorney General, may grant, extensions of time
for CALEA compliance. The Notice proposes to restrict the availability
of compliance extensions under CALEA section 107(c). The Notice also
proposes to clarify the role and scope of CALEA section 109(b), under
which carriers may be reimbursed by the Department of Justice for their
CALEA compliance costs. The Notice specifies the information that would
be required to be filed with Section 107(c) and 109(b) petitions. The
Notice asks whether there are special concerns regarding small and
rural carriers seeking additional compliance extensions, and,
generally, proposes to afford all carriers with pending petitions a
reasonable period of time (e.g., 90 days) in which to comply with, or
seek relief from, any determinations that the FCC eventually adopts in
the rulemaking proceeding. Additionally, the Notice considers whether,
in addition to the enforcement remedies through the courts available to
LEAs under CALEA section 108, the FCC may take separate enforcement
action against carriers that fail to comply with CALEA. The Notice
tentatively finds that the FCC has general authority under the
Communications Act to promulgate and enforce CALEA rules against
carriers and non-common carriers.
Cost and cost recovery issues
In its Petition, Law Enforcement contends that CALEA places the
financial burden of post-January 1, 1995 implementation on carriers and
not LEAs. Law Enforcement requests that the FCC establish rules
confirming that carriers bear the sole financial responsibility for
post-January 1, 1995 CALEA implementation, unless otherwise specified
by the FCC, recognizing that a specific carrier could have its costs
reimbursed by the Department of Justice in the context of a CALEA
section 109(b) petition. Related to this request, Law Enforcement asks
the FCC to eliminate the issues of compliance costs as a basis for
delayed compliance or non-compliance by establishing rules permitting
carriers to recover CALEA implementation costs from their customers.
The Notice tentatively concludes that carriers are responsible for
CALEA development and implementation costs for post-January 1, 1995
equipment and facilities. The Notice also seeks comment on cost
recovery options that could reduce CALEA-related burdens otherwise
imposed on carriers and their customers, particularly in rural areas.
The Notice also asks for comment on how to assess the scope of CALEA-
related costs in this proceeding. Commenters are requested to submit
cost calculations and analysis, and to identify any conditions or
factors that may affect the FCC's ability to determine the true scope
of CALEA-related costs. The Notice refers to the Federal-State
Separations Joint Board cost recovery issues for carriers subject to
Title II of the Communications Act.
DECLARATORY RULING ON PUSH-TO-TALK SERVICES
The companion Declaratory Ruling grants Law Enforcement's request
in the Petition and clarifies that commercial wireless ``push-to-talk''
services are subject to CALEA, regardless of the technologies that
Commercial Mobile Radio Service providers choose to apply in offering
them. In a prior decision, the FCC ruled that push-to-talk ``dispatch''
services that are interconnected to the PSTN are subject to CALEA. In
effect, such push-to-talk service is a switched service that is
functionally equivalent to a combination of speed dialing and
conference calling. If push-to-talk ``dispatch'' service otherwise does
not interconnect to the PSTN, the FCC found that it is not subject to
CALEA.
Commercial mobile radio service providers are developing push-to-
talk services based on use of packet technologies. Some parties
asserted that such push-to-talk service is offered over a closed
network and therefore should not be subject to CALEA. The Declaratory
Ruling notes that CALEA is technology neutral; therefore, the choice of
technology that a carrier makes when offering common carrier services
does not change its obligations under CALEA.
CONCLUSION
As Chairman Powell noted in his statement on the CALEA Notice of
Proposed Rulemaking and Declaratory Ruling: ``[The Commission's]
support for law enforcement is unwavering.'' As the Chairman also
noted, the FCC's tentative conclusions in the Notice with respect to
new packet-mode services such as VoIP is expressly limited to the
requirements of the CALEA statute and does not indicate a willingness
on the FCC's part to regulate those services as traditional
telecommunications services. CALEA and other important social
obligations can and will be continued without imparting upon carriers
the full litany of analog, monopoly regulation. Similarly, the FCC is
not proposing to regulate under the CALEA statute ``non-managed'' VoIP
services, such as Instant Messaging, in which the service provider has
minimal or no involvement in the flow of packets during the
communication.
However, it is the FCC's unmistakable intent to ensure that LEAs
have all of the electronic surveillance capabilities that CALEA
authorizes to combat crime and terrorism and support Homeland Security.
The FCC looks forward to developing a complete and comprehensive record
before determining how best to proceed. The FCC will devote the
necessary resources to expeditiously and responsibly complete this
task.
The FCC is also cognizant that the Congress is currently
contemplating legislation that may address CALEA. The FCC would welcome
Congressional guidance in this area that would bring added certainty to
the industry and lessen the risk of litigation. The Commission stands
ready to provide whatever technical assistance that the Congress would
find helpful in this regard.
I would like to thank you, Mr. Chairman, for the opportunity to
appear before you today. This concludes my testimony and I would be
pleased to answer any questions you or the other members may have.
Mr. Upton. Thank you very much.
At this point we are going to take a brief adjournment as
we have a series of votes on the floor. My sense is that we
will be back about 12 o'clock. So we will take a 30 minute
recess. We will come back at 12, and we will start with Mr.
Baker when we come back.
Thank you.
[Brief recess.]
Mr. Upton. We will resume.
I do not know. I guess the clock is still not working there
at the table, but we'll resume. Is it working for them? There
is a light on this side, and the light is out. So maybe that is
the problem.
Mr. Baker, welcome.
STATEMENT OF STEWART A. BAKER
Mr. Baker. Thank you, Mr. Chairman, members. I am Stewart
Baker here on behalf of the Telecommunications Industry
Association.
I am not here to suggest that wiretaps are not important or
are not extraordinarily valuable for law enforcement. I used to
be the General Counsel of the National Security Agency, and so
I have some idea just how important it is to have good wiretap
capability.
What I am here to suggest though is that saying that it is
important for law enforcement to have wiretap capability is
just the beginning of the inquiry. Preventing highway deaths is
an important thing as well, and we could prevent highway deaths
if we had a 30 mile per hour interstate speed limit. We have
not done that even though preventing highway deaths is really
important. The reason is because the costs are simply too high
of implementing such a stringent regulation, and I think our
concern is that looking over what the FCC has proposed, they
proposed the equivalent of a 30 mile per hour speed limit on
the ability of industry to innovate.
Ms. Parsky said all we want is for people to come in and
consult with us, and the FCC has drafted a proposal that would
create a vast regulatory machinery, enforcement machinery, that
would enforce the requirement that people come in and consult.
But if you consult and you don't have an answer that the
FBI likes, we know that the next step will be to go to
enforcement, and so at the end of the day, this is a permission
slip process. You need permission to innovate, and if you don't
have the permission of the government when you want to roll out
a new product, you can expect a law enforcement lawsuit and
perhaps a cease and desist order.
That kind of tax on innovation is the biggest worry about
the latest regulatory effort that law enforcement has launched
here, and what I would suggest to the committee is that they
take a look again at the way CALEA was written in the first
place.
CALEA said we are going to set a standard, a performance
standard. You have to be able to provide access to
communications, and you have to provide reasonably available
call identifying information. It is up to industry to figure
out how to get there, and if they do not get there, then the
Justice Department can take the company to court as soon as it
can show that it has actually lost capability in an important
case where they could not find some other way to get the
information.
If they do that, then they will be able to impose penalties
on the particular manufacturer and carrier that has not carried
out its obligations. They have not brought any of those
lawsuits, and instead they are proposing something that is a
permission slip system.
In fact, I think if we just implemented CALEA as it is
written, law enforcement would achieve its needs without
imposing a tax on innovation.
I should say denying U.S. companies the ability to innovate
without the permission of the Justice Department and the FBI
does not mean innovation is going to stop. It just means it is
going to happen someplace else, and in that regard, I would ask
you to take a look at today's Wall Street Journal. The front
page says, ``China's telecom forays squeeze struggling
rivals,'' and if you look at the chart that goes with that, you
will see that the telecom manufacturers in China, the largest
one there, 5 years ago was one-fiftieth the size of Lucent or
Nortel. Today it is half the size, and the quotes suggest that
what people are really worried about is what they will be doing
3 and 4 years from today in terms of their ability to penetrate
this market.
They will develop products. They will test them. They will
decide which ones are going to succeed in the market and which
ones will not. They will do it in China. They will do it in
Europe. They will do it in Southeast Asia.
And when they are ready, when they think, yes, this one
will work, then they will bring those products to the United
States, and they will sit down with the FCC and the FBI and the
Justice Department and work out their CALEA obligations. U.S.
companies though will not be able to do that unless they want
to do their innovation abroad because they will not be able to
try anything in a market until they have had the permission
granted by the Justice Department and the FBI.
That strikes me as a fundamentally inappropriate way to
approach this problem.
Thank you.
[The prepared statement of Stewart A. Baker follows:]
Prepared Statement of Stewart A. Baker on behalf of the
Telecommunications Industry Association
Good morning. My name is Stewart Baker. Thank you for inviting me
to testify today on behalf of the Telecommunications Industry
Association (TIA). I am grateful for the opportunity to speak to you
about the current status of law enforcement's ability to access new and
ever-evolving communications systems, including broadband and Voice
over Internet Protocol (VoIP) networks. TIA is a national trade
association of 700 small, medium and large companies that provide
communications and information technology products, materials, systems,
distribution services, and professional services in the United States
and around the world. In addition to representing its members on global
policy matters, TIA is accredited by the American National Standards
Institute, (ANSI), to develop American National Standards used by the
industry. TIA also produces and co-owns SUPERCOMM, the largest annual
communications industry conference and exhibition.
Let me begin by stressing that all of us on this panel want the
government to have the tools that it needs to fight crime and
terrorism. As a former General Counsel of the National Security Agency,
I recognize that it is crucial to give law enforcement those tools. In
fact, several months ago, I testified before the 9/11 Commission on the
need for more aggressive use of government authorities to gather anti-
terror information, and I cautioned about the risks of putting an undue
emphasis on privacy concerns when pursuing terrorists. TIA also
believes strongly that law enforcement needs to have the ability to
conduct lawful surveillance of communications and to have lawful access
to communications systems.
So we all can agree that ensuring lawful law enforcement access to
evidence is an important goal--as important as preventing highway
deaths or ensuring clean air or workplace safety. But if we've learned
anything in the last twenty-five years of regulatory history, it's that
we can't turn off our brains once we are told that a new regulation
will serve an important social goal. No matter how important the goals
they serve, some regulations make sense and some don't. Some go beyond
statutory mandates. Some impose burdens that are nowhere near being
cost-effective, stifling new industries and sending jobs overseas.
This, unfortunately, is the kind of regulation that the Justice
Department and the FBI support imposing today.
Of course law enforcement access is a good thing, at least when
done within the law. But preventing highway deaths is also a good
thing, and there's no doubt that we'd have fewer fatal accidents if the
speed limit on interstate highways was lowered to 30 miles an hour. We
won't do that, though, because the costs of such a regulation simply
are not worth the added benefit. The same is true for wiretaps--except
that today, there's a real risk that we will impose the wiretap
equivalent of a 30 MPH speed limit on some of our most innovative and
lucrative new industries.
The risk of over-regulating and stifling innovation is a risk that
was well recognized ten years ago when Congress drafted the
Communications Assistance for Law Enforcement Act (CALEA). I was in
government when much of this drafting was done. CALEA was the result of
a compromise that gave law enforcement a very carefully limited role in
influencing the course of future technologies. Congress rejected the
idea that the federal government should design or even have a veto over
the design of new technologies. Instead, it set forth a very limited
performance standard for wiretap access that would apply to a limited
portion of the telecommunications industry. The law left lots of room
for innovation and initiative. Industry was free to decide how to meet
the wiretap requirement--industry had the right to set its own
standards, which would provide a presumptively valid safe harbor for
compliance, and individual companies that didn't like the standard
remained free to try something else if they thought they had a better
idea. Telecommunications technologies could be freely deployed without
government interference, even if they did not have a perfect wiretap
solution. Law enforcement could sue a carrier that deployed such
technologies, but the carrier could defend itself by showing that full
wiretap capability was not reasonably achievable in its system, or by
showing that law enforcement could get the same information elsewhere.
TIA and its member companies rose to that challenge. TIA has led
industry standards development efforts under CALEA, working jointly
with the Alliance for Telecommunications Industry Solutions' Committee
T1 to issue the leading CALEA compliance standard, J-STD-025, and the
recent revision for packet-mode services, J-STD-025B. In fact, TIA
member companies have gone well beyond what CALEA requires. For
example, many companies that manufacture cable and Internet telephony
hardware have already voluntarily built in intercept capabilities,
despite uncertainty about whether CALEA applies to those services.
Despite this effort, disputes have arisen about what CALEA
requires. Rather than continue to follow the dispute resolution
processes established by Congress in CALEA, however, the Justice
Department has asked the FCC to overturn key aspects of that carefully
balanced statute. And in its proposed NPRM, the FCC seems ready to
accept the Justice Department's invitation. The NPRM oversteps the
Commission's regulatory authority in serious ways. First, the FCC
proposes to write an entire new regulatory program to interpret and
enforce CALEA, something that was not thought necessary when CALEA was
enacted, or during the ten years thereafter. Second, the FCC seems
willing to set aside CALEA's insight that industry knows more than
government about how to design new telecommunications equipment. Rather
than continue to encourage the development of common industry standards
for giving law enforcement access to call information, the Commission
seems poised to restrict the role of industry standards in CALEA.
Third, the Commission is considering regulation that would cut off all
avenues by which carriers can receive compensation for government-
mandated network modifications--even going so far as to suggest that it
may cut off reimbursements under a statute that the FCC has not
interpreted, enforced, or administered for thirty-five years. Finally,
TIA is concerned that the FCC will not allow adequate timelines for
CALEA implementation.
On the first point, the FCC proposes that it should have a role in
enforcing manufacturers' and providers' CALEA compliance, even though
the statute clearly places enforcement in the hands of lawsuits to be
brought by the Justice Department. But the FCC, citing its general
enforcement authority under the Communications Act, tentatively
concludes that it should promulgate CALEA rules that can be enforced
against all entities deemed subject to CALEA.
The FCC's proposal is an end-run around the enforcement limits
established in CALEA. Congress constructed a regime that gave carefully
circumscribed enforcement power to the federal courts, and the
Communication Act's general grant of authority to the FCC does not
allow it to ignore the enforcement regime Congress established. In
particular, the FCC's approach to implementing new enforcement
regulations ignores the statutory defenses available to providers in
enforcement actions. For example, in the enforcement regime established
in CALEA, a company cannot be sanctioned unless law enforcement has no
alternative method of getting the information it seeks through the
enforcement action. Equally important, by threatening to use fines and
cease-and-desist orders against noncompliant companies, the FCC will
force innovators to get permission from the FCC and the Justice
Department before deploying any new technology that falls into the wide
grey zone created by the FCC's vague proposed regulations. An inventor
who must get a government permission slip before trying out his
invention is not likely to be first to market. While American
innovators are still cooling their heels in Quantico, waiting to
explain a new technology to the FBI Lab, their competitors in
Singapore, China, Japan, and Europe will be manufacturing already. The
U.S. market will end up a laggard, getting technologies after they've
been sufficiently proven in the rest of the world to justify the
engineering and lobbying costs needed to get an assurance of CALEA
compliance.
At bottom, it is important that any enforcement framework allow for
flexibility. Often, there is no simple answer to the question of how
CALEA should be implemented. Instead, decisions in this area require a
sophisticated balancing of the costs and benefits of various
approaches. The CALEA framework is driven by industry standards and
consultation between industry and law enforcement. And this
negotiation-based approach is well-suited to the complex environment of
CALEA compliance. To replace this framework with a top-down regulatory
enforcement approach within the FCC would merely add another burdensome
lawyer of regulatory pressure to an already complex CALEA-compliance
process.
Second, TIA is concerned that in implementing its proposed CALEA
rules, the FCC calls into question the sufficiency of the existing
standards process, which has served as the backbone for industry
compliance with CALEA. Industry-led standards development efforts are
critical to the cost-effective and successful implementation of CALEA.
Congress recognized the integral role of the standards process when it
enacted CALEA. For example, when Congress had to make a choice between
innovation and law enforcement control over CALEA compliance, Congress
choose innovation, with its eyes wide open. Congress knew that the FBI
wanted authority to oversee and even dictate the technical details of
equipment manufacturers' CALEA-compliant solutions. But Congress
rejected that approach, and instead enacted CALEA with a provision that
prohibited law enforcement from requiring ``any specific design of
equipment, facilities, services, features, or system configurations.''
(47 U.S.C. � 1002(b)(1).)
At the same time, in Section 107(a) of CALEA, Congress explicitly
noted the special role it gave to industry in creating standards to
meet CALEA obligations. Section 107(a) ``establishes a mechanism for
implementation of the [CALEA] capability requirements that defers, in
the first instance, to industry standards organizations.'' (H.R. Rep.
No. 103-827, 1994 U.S.C.C.A.N. 3489, 3506 (1994).) But in order for
this standards process to work effectively to address law enforcement's
needs, industry needs to have the support of regulators. And right now,
that support appears to be lacking. The FCC in its CALEA NPRM questions
whether existing standards are deficient and whether it should only
recognize standards produced by certain organizations.
Further, law enforcement has been uncomfortable with the fact that
CALEA gives the lead standards role to industry. Since CALEA was
enacted, law enforcement has wanted to guide, if not dictate, the
detailed CALEA solutions that industry may implement. While this has
created considerable tension between law enforcement agencies and
industry throughout the standards process, there is no evidence to
suggest that industry standards participants have acted in anything
other than good faith.
In fact, TIA, its member companies, and other participants in TIA's
standards activities have worked diligently--and cooperatively with law
enforcement--for nearly a decade to adopt and improve CALEA standards
and to ensure that law enforcement has access to appropriate, lawfully
authorized electronic surveillance capabilities consistent with CALEA's
statutory requirements. TIA's efforts led to the development of the J-
STD-025 series of CALEA compliance standards, created at the expense of
thousands of hours of industry experts' time and months of meetings.
Instead of scuttling the standards process altogether, law
enforcement should be required to identify with specificity what
aspects of what standards it is challenging, and the particular ways in
which it deems the standards to be deficient. Industry should be given
the opportunity to respond to law enforcement's concerns. Industry has
demonstrated its responsiveness and diligence in developing standards
in the past, and there is no reason to doubt that this level of
cooperation will continue.
A leading role for industry in CALEA standards-setting is essential
to further Congress's goal ``to avoid impeding the development of new
communications services and technologies.'' (H.R. Rep. No. 103-827,
1994 U.S.C.C.A.N. 3489, 3493 (1994).) Industry is by far best situated
to design CALEA compliance standards in a complex, rapidly changing
technology environment. An industry-led standards process permits U.S.
companies to press forward with technological innovation, which is one
of the key drivers of the U.S. economy in recent decades. At the same
time, an industry-led standards process affords industry appropriate
lawfully authorized electronic surveillance capabilities for evolving
communications technologies.
The FCC also has suggested that perhaps CALEA standards should be
set only by ANSI-accredited bodies. That is not what CALEA requires,
and for good reason. TIA is an ANSI-accredited body, and it has written
CALEA standards, so you might expect us to be comfortable with such a
proposed limitation. But we are not. ANSI procedures call for consensus
standard-making, and, in some instances, law enforcement has tried to
use this requirement to defeat standards that all of industry has
supported--by asking hundreds of sheriffs and local police to join the
standards process at the last minute, for example, for the purpose of
voting against the industry standard. In addition, an ANSI-
accreditation requirement would encourage harsh tactics, such as the
FBI's (now abandoned) effort to revoke TIA's accreditation after TIA
adopted a standard that the FBI did not accept.
Third, TIA is concerned that manufacturers and service providers
will be required to undertake expensive and burdensome network
modifications in order to comply with CALEA under the FCC's proposed
rules. Because the beneficiary of these changes are law enforcement
agencies in the first instance and the general public in the last, one
would expect that the cost of the changes would be carried largely by
those parties. But the FCC's proposed rule puts the burden on industry,
and it seems determined to make sure that there is no possibility of
relief from the costs of CALEA. Instead, the FCC should reaffirm its
previous conclusion that service providers may recover a reasonable
share of CALEA costs that intercept law allows them to charge when
carrying out a wiretap order. The principal mechanism for recovering
those costs, Title III of the Omnibus Safe Streets and Crime Control
Act of 1968, is far from the FCC's jurisdiction, and there is no need
for the FCC to reach out now to determine that CALEA costs cannot be
recovered under that statute.
Finally, TIA urges a reasonable timeline for requiring compliance
with whatever rules the FCC eventually promulgates. Regulators and law
enforcement must understand that industry needs a reasonable compliance
deadline that creates enough space for equipment manufacturers, like
the TIA members, to design and develop CALEA solutions well in advance
of their actual deployment in the market.
In conclusion, I stress that, despite the crisis atmosphere
fostered by the government, the Justice Department and law enforcement
have never once used the enforcement powers that CALEA gives them. The
only logical conclusion is that there has never been a single case--not
one, not anywhere in the country, and not at any time in the last
decade--in which the Justice Department thought it could prove that a
carrier had failed to meet its CALEA obligation and that important
evidence was being lost. Before throwing out CALEA as a failure and
substituting a new FCC regulatory program that will slow innovation and
saddle industry with heavy costs, we suggest that the government try
using the tools that Congress provided ten years ago.
Mr. Upton. Dr. Green.
STATEMENT OF RICHARD R. GREEN
Mr. Green. Thank you, Mr. Chairman and members of the
committee.
I am Richard Green, President and CEO of Cable Television
Laboratories.
This committee has been at the center of the technical
revolution which has brought progressive enhancements to
communication in the United States. It has been my privilege to
testify before you on previous occasions on subjects related to
emerging technology.
Today I appreciate the opportunity to testify on cable's
leadership role in helping to facilitate law enforcement's
legitimate access to voice over Internet protocol services. I
speak to you today as a scientist who has devoted most of my
professional career to the application of emerging technology.
In addition, Cable Labs conducts and funds research and
development projects to help cable companies plan for the
future and applies technologies to meet customers' needs. It is
our purpose to foster and develop technologies which will
support the United States in a leadership role and innovation.
Cable Labs was incorporated under the Cooperative Research
Act. The act, which this committee played a key role in
developing, encourages research and development among companies
within an industry like the cable industry. I believe that we
have been able to realize the potential of that act by, among
other things, contributing to the development of a burgeoning
broadband industry.
Turning to that issue which is before you today, the
PacketCable project at Cable Labs has issued specifications, no
worldwide standards, supporting among other services telephone
services using advanced voice over Internet technologies. These
specifications not only provide compliance with CALEA, but also
introduce innovative Internet protocol technologies to insure
that the United States remains a leader in the competitive
marketplace of the future.
The cable industry has a history of cooperation with law
enforcement. This was exemplified in the development of Cable
Labs' PacketCable electronics surveillance specification
developed during the period 1999 to 2004.
In 1999, at the request of cable operators and with the
assistance of cable equipment manufacturers, Cable Labs
published the first VoIP lawful electronic surveillance
specification. This initiative was a volunteer effort by the
cable industry to address requirements outlined in CALEA.
Law enforcement through the FBI and its contractors
participated in the development of subsequent versions of that
specification. These revisions reflect cable's willingness to
work with law enforcement and to meet their needs even to the
extent of adding additional capabilities and attendant costs to
equipment.
The most recent version of the PacketCable electronic
specification was published this year on July 23. Mr. Chairman,
this development means that in spite of the numerous
technological differences and complexities of VoIP, law
enforcement will receive the same type of information and call
content for voice services placed over PacketCable networks as
in calls made with traditional wire line telephones.
Cable Labs has developed this technology not only to meet
law enforcement's needs as addressed in CALEA, but also to
address the public's privacy and security needs as mandated in
the law. The devices and procedures in our specification are
only activated pursuant to valid court orders and only gather
information on the specific individual named in the court
order.
We take great pride in a recent FBI press release
commending the cable industry for its work in addressing the
electronic surveillance requirement of Federal, state, and
local law enforcement agencies.
In conclusion, Cable Labs and its member companies will
continue our efforts to contribute innovative technologies to
insure U.S. leadership in the world marketplace. We also look
forward to continued cooperation with this subcommittee, the
FCC, the FBI, the Department of Justice, and other Federal
authorities in providing technical solutions to safeguarding
our national security and the public's privacy and security
needs.
Thank you very much, and I'll be pleased to answer any
questions you might have.
[The prepared statement of Richard R. Green follows:]
Prepared Statement of Richard R. Green, President and Chief Executive
Officer, Cable Television Laboratories, Inc.
INTRODUCTION
Mr. Chairman, Mr. Markey, members of the subcommittee, I am Richard
Green, President and CEO of Cable Television Laboratories, Inc.
(CableLabs). It has been my privilege to testify before this
subcommittee on previous occasions on subjects related to emerging
technology. These topics have included High Definition Television in
the 1980s, digital television, and broadband technologies in subsequent
years. Today, I appreciate the opportunity to testify on cable's
leadership role in helping law enforcement officials apply CALEA to
modern digital telecommunications technologies. I am especially pleased
to describe the industry's efforts--through CableLabs--to facilitate
law enforcement's legitimate access to cable's Voice over Internet
Protocol (VoIP) services.
I speak to you today as a scientist who has devoted a great deal of
his professional career to questions involving the application of
digital technology. The experience I gained during four years as
Director of the CBS Advanced Television Technology Laboratory, five
years as Senior Vice President of Operations and Engineering of PBS,
and fifteen years as CEO of CableLabs gives me a special appreciation
for the technical perspectives of manufacturers, cable operators, cable
equipment manufacturers, and the need to be responsive to law
enforcement's requests.
CABLELABS
CableLabs is a research and development consortium of cable
television system operators serving North and South America. CableLabs
conducts and funds research and development projects to help cable
companies plan for the future and apply technology to meet consumers'
needs. CableLabs was incorporated under the Cooperative Research Act.
The Act, which this committee played a key role in developing,
encourages research and development among companies within industries
like the cable industry. I believe that we have been able to realize
the potential of that Act by, among other things, contributing to the
development of a burgeoning broadband industry, helping to spur the
transition to digital TV, and facilitating the deployment of new
digital services like VoIP.
For example, 29 million American homes now enjoy high-speed
Internet access connections, and 18 million of those homes are served
by cable's high-speed data service. The specifications for
substantially all the cable modems used in those homes were developed
at CableLabs. In the past, computer users knew that they could buy a
modem that would work on any phone line. Cable industry leaders wanted
their customers to be able to buy their own cable modem at retail and
be confident that it would work on any cable system in North America.
Through CableLabs' DOCSIS ' (Data over Cable Service
Interface Specification) project, that goal has been achieved. Cable's
broadband service is providing an important new--and competitive--high-
speed data highway into American homes.
The CableLabs process is open, cooperative, and as efficient as
possible. We work to keep equipment development time to a minimum. We
have pursued an approach similar to that used with cable modems to
remove technical barriers for the deployment of telephone services over
cable networks. The PacketCable project at CableLabs has issued
specifications--now worldwide standards--supporting, among other
services, telephone services using advanced voice over the Internet
technologies. These standards go beyond compliance with CALEA but also
introduce innovative Internet Protocol technologies to ensure that the
United States remains a leader in the competitive marketplace of the
future.
CABLE HAS COOPERATED WITH LAW ENFORCEMENT ON CALEA AND VOIP SINCE 1999
The cable industry has a history of providing law enforcement with
the assistance it needs. This was exemplified in the development of
CableLabs' PacketCable Electronic Surveillance Specification between
1999 and the summer of 2004. PacketCable is a cable network
architecture that allows a cable operator to provide guaranteed-quality
VoIP as well as other services such as video games. In 1999, CableLabs'
PacketCable project, at the request of cable operators and with the
assistance of cable equipment manufacturers, published the first VoIP
lawful surveillance specification.
This specification was a voluntary effort by the cable industry to
address CALEA in the event a cable operator's PacketCable service was
deemed to be subject to CALEA. Law enforcement, through the FBI and its
contractors, became involved in the development of subsequent versions
of the PacketCable Electronic Surveillance Specification in 2001 with
revisions to the specification published in 2003 and 2004. Each of
these revisions reflects cable's willingness to work with law
enforcement to meet law enforcement's needs--even to the extent of
adding additional capabilities and attendant costs to equipment. The
last version of the PacketCable Electronic Surveillance Specification
was published on July 23, 2004, and provides solutions to all of the
issues the FBI has identified with the previous versions of the
specification. This now means that, in spite of technological
differences and complexities, law enforcement will receive the same
types of call identification and call content for calls placed over a
PacketCable-compliant VoIP service as in calls made with traditional
wireline telephones. (See Appendix I for a summary of the steps taken
by CableLabs to develop the PacketCable specifications, 1999-2004.)
CableLabs developed its lawful surveillance specification not only
to meet law enforcement's needs as are addressed in CALEA but also to
meet obligations regarding the public's privacy and security needs as
required by the law. CALEA expressly states that a telecommunications
provider must ensure that subscriber privacy and security are protected
for telecommunications and call-identifying information not authorized
to be intercepted. The devices and procedures in CableLabs'
specification are only activated pursuant to a valid court order and
only gather information on the specific individual named in the court
order.
The cable industry has met all of the FBI's needs with regard to
VoIP. Specifically, CableLabs succeeded by July 2004 in resolving every
issue on the FBI's ``wish list'' for CALEA compliance by cable's VoIP
services, including:
� Subject-initiated conference calls--provides law enforcement with the
content of subject-initiated conference calls.
� Timing Information--allows law enforcement to correlate call
identifying information with call content.
� Subject-initiated dialing and signaling--provides law enforcement
with access to all subject dialing and signaling information
such as use of flash hook (call waiting) and feature keys.
� In band/out-of-band signaling--notifies law enforcement whenever
subject's service sends a tone or other network message such as
if a line is ringing or busy.
� Party Hold/Join/Drop--allows law enforcement to identify the active
parties to a subject-initiated call.
� Dialed Digit Extraction--provides law enforcement those digits dialed
by a subject during a call.
Testing of cable equipment built to these specifications will begin
in February 2005, and products that do not meet the latest version of
the PacketCable Electronic Surveillance Specification will not be
CableLabs' certified--nor are they likely to be purchased by cable
operators.
The success of the PacketCable Electronic Surveillance
Specification is demonstrated in: (1) its being the only VoIP CALEA
``Safe Harbor'' specification listed on the FBI's AskCALEA website; (2)
its consideration by other VoIP-related organizations; (3) the FCC's
public commentary noting cable's contribution to the lawful electronic
surveillance of VoIP calls; and (4) the FBI's cooperation in, and
contribution to, the specification's development and its subsequent
positive comments on the specification and the CableLabs' process.
The cable industry, through CableLabs, continues to provide
technical assistance to law enforcement and has worked with the FBI on
how law enforcement may collect the information it lawfully needs from
subjects using PacketCable-based VoIP services. We take great pride in
comments from a recent FBI press release in which Kerry Haynes, FBI
Assistant Director for the Investigative Technology Division, states:
[The latest version of the PacketCable Electronic Surveillance
Specification] is an extremely positive development for the
cable industry that ultimately will empower federal, state and
local law enforcement agencies with the technical capability to
continue to protect the public by effectuating court-authorized
electronic surveillance investigations. We look forward to
working with the industry in its development of technical
solutions based on this standard and with companies as they
implement those solutions into their IP networks.
CABLE WAS THE FIRST BROADBAND PROVIDER IN 2004 TO COOPERATE WITH THE
FEDERAL COMMUNICATIONS COMMISSION ON APPLYING CALEA TO VOIP SERVICES
The cable industry has long recognized that certain IP telephony
services may become a replacement for some of the uses of traditional
telephony, and that--at some point--providers of such services could
reasonably be expected to provide efficient and effective means to
allow law enforcement access to telecommunications over such
services.1 For this reason, the cable industry, led by
CableLabs and the member companies of NCTA, has voluntarily sought to
comply with the substance of CALEA's requirements in developing its
PacketCable architecture for VoIP. In particular, as I mentioned above,
the industry has devoted substantial resources to developing several
PacketCable Electronic Surveillance Specifications for use as ``safe
harbors'' under 47 U.S.C. � 1006(a)(2).2
---------------------------------------------------------------------------
\1\ See H.R. Rep. No. 103-827, at 9 (1994) (``House Report'')
(purpose of CALEA is ``to preserve the government's ability. . . to
intercept communications involving advanced technologies'').
\2\ The most recent version of the PacketCable Electronic
Surveillance Specification is available at http://www.packetcable.com/
downloads/specs/PKT-SP-ESP-I03-040113.pdf. Prior versions, which
provide safe-harbor protection to providers that have already installed
equipment that is compliant with those versions, are available at
http://www.cablelabs.com/specifications/archives/
---------------------------------------------------------------------------
In 2004, the Department of Justice (DOJ) and Federal Bureau of
Investigation (FBI) asked the Federal Communications Commission (FCC)
to issue a declaratory ruling determining immediately--i.e., without
awaiting the outcome of the Commission's rulemaking on IP-Enabled
Services 3--that CALEA applies to various kinds of IP
telephony (``Broadband Telephony'') as well as to cable modem service
and other forms of high-speed Internet access (``Broadband Access'').
In their submissions to the FCC, most communications industries urged
the Commission to reject the Administration's requests--except for the
cable industry.
---------------------------------------------------------------------------
\3\ IP-Enabled Services, Notice of Proposed Rulemaking, WC Docket
No. 04-36, FCC 04-28 (rel. Mar. 10, 2004) (``IP-Enabled Services
NPRM'').
---------------------------------------------------------------------------
Cable companies--through their trade association, NCTA--took a
different position. They supported the issuance of a declaratory ruling
by the FCC that providers of Broadband Telephony are properly viewed as
``telecommunications carriers'' for purposes of CALEA, subject to two
qualifications. First, the FCC should include within the scope of its
ruling all similarly-situated providers of Broadband Telephony,
including services like Vonage and AT&T's CallVantage. Second, the
Commission should make clear that, when services like Vonage and AT&T's
CallVantage are provided over the facilities of cable operators or
other companies, the responsibility for complying with CALEA lies with
the Broadband Telephony provider, not the facilities owner.
In addition, NCTA supported the issuance of a Notice of Proposed
Rulemaking (NPRM) addressing whether Broadband Access should be made
subject to CALEA in due course. The ultimate decision on the merits
here, however, raises more complex issues. Until now, there has never
been substantial reason to expect that cable modem service might ever
be subjected to CALEA. Thus, there has been little investigation or
debate concerning the public policy and law enforcement objectives in
developing of CALEA-related technical requirements for the equipment
that cable operators use to provide the service. However, the cable
industry and CableLabs will continue to work with the United States
Government to ensure that law enforcement is able to access lawfully
the information needed to safeguard our national security.
In response to the joint DOJ/FBI petition, the FCC recently
commenced a rulemaking on CALEA compliance issues. It tentatively
concluded that most VoIP services would be subject to CALEA--
essentially echoing the cable industry's legal rationale. It also
tentatively concluded that Broadband Access should be subject to CALEA.
Cable companies and the NCTA will submit their own individual comments
on the specifics of such a proposal to the FCC.
CONCLUSION
CableLabs and its member companies--who also belong to NCTA--look
forward to continued cooperation with this subcommittee and other
Federal authorities in safeguarding our national security. I would be
pleased to answer any questions you might have.
Appendix I
SUMMARY OF THE DEVELOPMENT OF CABLELABS' LAWFUL SURVEILLANCE
ARCHITECTURE WITHIN THE PACKETCABLE SPECIFICATION FOR VOIP
I. First Version Published December 29, 1999
a. Drafted at CableLabs members' request in the event VoIP (using
cable's PacketCable architecture) was deemed to be subject to
CALEA.
b. Developed by MSOs, cable equipment manufacturers pooling their
intellectual property and MSO legal community.
c. Established basic surveillance needs:
i. Demarcation point between MSO and law enforcement (delivery of
call content and call identification from the MSO to law
enforcement).
ii. Delivery Function (in which the copied packets are delivered to
law enforcement's Collection Function).
iii. Intercept Access Points within the PacketCable Architecture.
iv. Basic capabilities for delivery of VoIP call information and
VoIP call content to law enforcement.
II. Second Version Published August 15, 2003
a. June 2001--The FBI became involved and submitted engineering
changes to the PacketCable Lawful Surveillance Specification.
b. November 2001--CableLabs forms a focus team of cable equipment
manufacturers to address the FBI's requested changes and
resolve technical issues with the first version of the
specification.
c. New capabilities added:
i. Law enforcement receives information on subject initiated
signaling (signals such as number dialed, flash hook,
feature keys).
ii. Law enforcement receives information on network initiated
signaling (such as call connection and hang up).
III. Third Version Published January 13, 2004
a. Addressed additional FBI engineering change requests submitted
just prior to the publication of the second version of the
specification.
b. Addressed minor technical issues within the second version of the
specification.
c. Coordinated specifications information for the Delivery Function--
Collection Function Interface.
d. New capabilities added:
i. Report of IP specific ``call data'' to law enforcement for trap
and trace and pen register.
ii. Three-way calling information.
iii. All relevant punch list items met save some conference call
information and dialed digit extraction (collection of
numbers called after call was initiated, such as PIN
numbers).
IV. Fourth Version Published July 23, 2004
a. MSO push to support solutions to collection of all FBI requested
conference call information and collection of digits dialed
after call is initiated (dialed digit extraction).
b. FBI provided a list of specific comments to the current
specification in May, 2004.
c. Dialed Digit Extraction solution reached by adding additional
capabilities, at additional cable operator cost, to the
Delivery Function.
d. New Capabilities:
i. Dialed Digit Extraction.
ii. Party Hold/Join/Drop (knowing when someone joins a conference
call, leaves a conference call or goes on hold).
iii. Transcoding between the Delivery Function and the Collection
Function.
1. Translation of the many codecs (means of translating
packets into voice) that cable operators use or may be
used to just a few codecs.
2. Lessens the number of codecs law enforcement needs
to support (helpful for rural law enforcement with
small budgets).
3. FBI originally wanted to limit the number of codecs
cable operators may use. This CableLabs' solution
allows for future growth and technological change while
meeting law enforcement's needs.
e. Punch List Items are now all addressed:
i. Subject-initiated conference calls--provides law enforcement
with the content of subject-initiated conference calls.
ii. Timing Information--allows law enforcement to correlate call
identifying information with call content.
iii. Subject-initiated dialing and signaling--provides law
enforcement with access to all subject dialing and
signaling information such as use of flash hook (call
waiting) and feature keys.
iv. In band/out-of-band signaling--notifies law enforcement
whenever subject's service sends a tone or other network
message such as if a line is ringing or busy.
v. Party Hold/Join/Drop--allows law enforcement to identify the
active parties to a subject-initiated call.
vi. Dialed Digit Extraction--provides law enforcement those digits
dialed by a subject during a call.
f. Testing of equipment to begin February 2005:
i. Products that do not meet the latest version of the PacketCable
Electronic Surveillance Specification will not be CableLabs
certified.
ii. Cable operators prefer to buy CableLabs-certified equipment.
Mr. Upton. Thank you.
Mr. Dempsey.
STATEMENT OF JAMES X. DEMPSEY
Mr. Dempsey. Mr. Chairman, members of the subcommittee,
good afternoon. Thank you for this opportunity to testify.
Mr. Chairman, nobody denies the interests of the government
in being able to intercept terrorist communications. These are
obviously extremely important. Let us even assume that they are
paramount. Let us assume that they trump all other public
policy interests. Forget about privacy; forget about cost,
innovation, competition, network security.
Even if we assume that law enforcement and national
security interests are the only interests at stake, if you look
at the record, you would have to conclude that CALEA is not the
right statute for addressing law enforcement interests in
accessing the Internet and that the FBI is not the right agency
to be regulating the design of information and services and
Internet access.
Now, I am happy to discuss at length the language and
intent of CALEA. Congress was as clear as it could be in CALEA
that it did not apply to the Internet, that it was intended for
the circuit switched world of the PSTN. Congress used not only
a belt in saying that CALEA applied only to telecommunications
common carriers, but it used suspenders as well and said that
information services and Internet services were exempt from
CALEA.
It then used some safety pins and said that even if
Internet services became a replacement for a substantial
portion of the traditional telephone network, it was still
excluded from CALEA.
The FCC issued an NPRM last month and was so results
oriented because it was so focused on this compelling interest
of fighting terrorism that it decided to ignore the statutory
language. Three of the five Commissioners filed separate
statements indicating doubts about whether the Commission's
rationale would withstand scrutiny.
But let's leave aside even the question of statutory
interpretation. Let's focus on the record of CALEA
implementation in the plain, old telephone network, which was
supposed to be the easy part.
The Department of Justice's own Inspector General found in
a report issued in April this year, ``deployment of CALEA
technical solutions for electronic surveillance remains
significantly delayed. Most of the authorized funds have been
depleted. Even by the FBI's own estimate, hundreds of millions
of dollars more are needed.''
Most troubling, the IG said, ``CALEA compliance software
has been activated on only 10 to 20 percent of wire line
equipment,'' and the IG found the FBI was unable to demonstrate
the extent to which lawful electronic surveillance has been
adversely impacted by the lack of CALEA implementation. In
other words, they could not show whether this delay in
enforcement or implementation of CALEA made any differences.
What went wrong? CALEA, when it was enacted in 1994, was
filled with checks and balances. It was a very nuanced statute,
but it has become a straightjacket. The way it has been
interpreted by the FCC, it has given the FBI the ability to
design and dictate very specific capabilities, very specific
features to be built into the public switched network in ways
that Congress never contemplated.
Stewart Baker is the one who coined the phrase ``because of
CALEA the FBI has become a telecom regulatory agency.'' FBI
Director Freeh in 1994 came before Congress and said that CALEA
was not intended to create a location tracking capability for
cell phones. As soon as that legislation was passed, the FBI
came to the industry and said, ``We want you to build in a
location tracking capability.'' And they got it. The FCC gave
it to them.
The Director said we only want to get dialed number
information on pen registers. After the legislation was
enacted, the FBI came back and said, ``No, we want to know
every time a party goes on hold. We want to know whether the
phone rang or had a busy signal.'' The FCC ordered that those
features be built in.
The FBI said they only wanted to preserve their traditional
surveillance capabilities. After the legislation was enacted,
they came back and said, ``We want to have the ability on a
conference call to identify every separate party,'' even though
they admitted that that was not a capability that they had had
in the traditional telecom environment.
Now, how do we go forward? The first step has to be to
create a factual record, to identify what are the specific
problems. The 101 page NPRM of the FCC has absolutely no
factual discussion of what are the problems. The FBI's petition
has three conclusory sentences. Somebody needs, and I think it
has to be on the public record; I think this committee has a
role in it; needs to dig in on those facts and find out what
the problems are.
Second, the solution has to be consistent with the
decentralized and innovative architecture of the Internet.
There may be some very simple solutions out there. The so-
called trusted third party model has been put forward. There
are actually companies now who have the ability to analyze
Internet communications and deliver them to law enforcement.
Why can't law enforcement simply acquire that capability
itself?
Mr. Chairman, you alluded in your opening statement to
partnership. CALEA was intended as a partnership. It has not
worked out that way. Here we have the cable industry currently
not subject to CALEA out there developing a standard and
cooperating with industry. I think there is a pretty good bet
that if they were brought under the requirements of CALEA, the
FBI would find something wrong with that standard and would ask
for even more and would constantly go back.
That is what delayed implementation of CALEA. The FBI could
have had 90 percent of the capability they were seeking 4 or 5
years ago, but instead they kept driving for this 100 percent
concept every little additional piece, and we are left now with
CALEA not even fully implemented for the traditional telephone
network.
My organization, the Center for Democracy and Technology,
is happy to work with the committee to work through these
issues, to try to build this factual record, to try to drill
down and to develop solutions that are appropriate to the
Internet.
Thank you, Mr. Chairman.
[The prepared statement of James X. Dempsey follows:]
Prepared Statement of James X. Dempsey, Executive Director, Center for
Democracy & Technology 1
---------------------------------------------------------------------------
\1\ The Center for Democracy and Technology is a non-profit, public
interest organization dedicated to promoting civil liberties and
democratic values for the new digital communications media. Our core
goals include enhancing privacy protections and preserving the open
architecture of the Internet. Among other activities, CDT coordinates
the Digital Privacy and Security Working Group (DPSWG), a forum for
computer, communications, and public interest organizations, companies
and associations interested in communications privacy and security
issues.
---------------------------------------------------------------------------
Chairman Upton, Congressman Markey, and Members of the
Subcommittee, thank you for the opportunity to testify today.
Especially in the face of terrorism, the question of law
enforcement access to communications systems is vitally important.
However, the Justice Department and the Federal Communications
Commission are trying to force the Internet into a 20th century mold.
In terms of innovation, cost, privacy, network security, and national
security, this is the wrong approach. Instead of making the Internet
look like the telephone system of the past, the FBI and other law
enforcement agencies need to acquire in-house capabilities to analyze
digital communications. They should use the Internet, not try to
control it. Keeping pace with technology should not require slowing it
down.
Law Enforcement Mandates Designed for the Telephone Network Are Not
Suited--Nor Are They Needed--for the Internet
To understand why the Justice Department's approach is unnecessary,
unwise and unlikely to be effective, think of the ways in which the
Internet is different from the traditional telephone network of the
past. In the old days, when law enforcement agencies first started
lawfully wiretapping telephones, the Ma Bell monopoly owned and
controlled the entire network, right down to the phone on your desk.
Such a centralized system was reliable, but it was limited. Innovation
was discouraged. Competition was essentially non-existent. Prices were
regulated but relatively high, and usage was cautious.
Now consider the Internet. It is open, competitive, decentralized.
It supports a multiplicity of applications, not only voice, but also
photography, data, and video. It supports one to one, many to one, and
one to many communication. It pushes control to the edges, giving users
far more choices then they ever had. It has no gatekeepers. It
intermeshes wireline, wireless, cable and satellite. It is innovative,
inexpensive, and global. Education, commerce, medicine and government
have reaped the benefits.
In the context of today's hearing, the Department of Justice
complains about the Internet's diversity, but in many ways the digital
age is the age of surveillance. More personal information than ever
before is transmitted, collected and stored in electronic form. In many
ways, law enforcement has embraced the digital revolution. Every year,
the number of wiretaps goes up. Undercover agents lurk in Internet
chats. Police track suspects through cell phones and reconstruct past
movements from EZ Pass logs. The FBI can plant on your computer a
keystroke monitor to copy letters you never send. Agents seize computer
disks holding information that would fill truckloads if printed out.
Voluminous dialing records are analyzed by computer. Conversations
intercepted in New York are shipped across country for translation. A
computer in Russia can be searched from the US.
So despite some of the dire rhetoric you may hear, the Internet is
already tappable today, both legally and from a technical standpoint.
The government has full legal authority to tap broadband Internet
access and Internet communications of all kinds. The government also
has all the legal authority it needs to compel broadband access
providers and Voice over Internet Protocol (``VoIP'') service providers
to cooperate with court orders for interception. 18 U.S.C. � 2518(4).
And from a practical standpoint, law enforcement agencies currently
have and in the foreseeable future will continue to have the capability
to intercept communications over broadband. In some ways, interception
may be less convenient, in that law enforcement may have to go to
different entities to obtain content and routing information. And given
the diversity of services, the information will come in different
formats and law enforcement will have to work harder to determine what
it is intercepting. In other ways, however, Internet surveillance will
be easier, in that the digital nature of communications makes them
easier to analyze, store, and retrieve. Last year, for example,
according to the government's official Wiretap Report, out of 1,442
authorized wiretaps nationwide, the ``most active'' was the
interception of a broadband Internet line.2
---------------------------------------------------------------------------
\2\ ``Report of the Director of the Administrative Office of the
United States Courts on Applications for Orders Authorizing or
Approving the Interception of Wire, Oral, or Electronic
Communications,'' issued April 30, 2004, available at http://
www.uscourts.gov/wiretap03/contents.html.
---------------------------------------------------------------------------
The only question--and it is a big question--is whether additional
authority is needed for the government to insert certain features into
Internet services to make them easier to tap. Answering that question
requires, first, a detailed, technical inquiry into whether there are
any problems associated with Internet surveillance. It then requires a
detailed, technical exploration of how those problems can be solved,
with consideration of the various costs and risks of different
solutions. Throughout, it is important to keep in mind the ways in
which the architecture of the Internet is different from the
traditional telephone network.
CALEA Was Designed for the Traditional Public Switched Telephone
Network
In the 1990s, Congress conducted such an inquiry with respect to
the public switched telephone network. It found that there were some
problems posed by then relatively new technology in the PSTN, and it
concluded that the solutions lay in redesign of the central office
switches of the telephone companies. The result was the Communications
Assistance for Law Enforcement Act (``CALEA'').
CALEA is a 20th century statute for 20th century technology. CALEA
was designed for the centralized, relatively monopolized, and circuit
switched world of the traditional telephone common carriage--entities
already subject to a range of regulatory burdens. The proposed solution
focused on central office switches. That is where the documented
problems were. The carriers operating those switches used for routing
and billing purposes the information they thought the government
wanted. The switch manufacturers thought it would be relatively easy to
build in the ability to meet the government's requests as they were
described in the legislative hearings.
CALEA has not worked all that well even for the PSTN--the
government ended up demanding a lot more functionality, including
features not available with the traditional wiretaps--but the Internet
is fundamentally different from the PSTN and requires a different
approach.
Congress was crystal clear--CALEA was not intended for the
Internet. To make this point, Congress took not merely a belt and
suspenders approach, but added safety pins as well. It said that CALEA
applied only to common carriers, and only to the extent that they are
providing telecommunications services. It excluded information
services, and it said that even if an information service became a
substantial replacement for the PSTN in a particular region, it would
still be excluded from the requirements of CALEA.
At the time, the term ``information services'' was shorthand for
the Internet and the applications running over it (among other
services). The term ``information services'' was broadly defined to
cover current and future advanced software and software-based
electronic messaging services, including email, text, voice and video
services. Narrowband Internet access and Internet applications like
email fit squarely within the definition. As the broadband Internet has
evolved, it continues to be outside the scope of telecommunications
common carriage, and Internet-based telephony services, like all other
Internet applications, fit squarely within the definition of
information services.
The legislative history confirms the plain meaning of the statute.
The Committee Report states that CALEA obligations ``do not apply to
information services, such as electronic mail services, or on-line
services, such as CompuServe, Prodigy, America On-line or Mead Data, or
Internet service providers.'' Telecommunications Carrier Assistance to
the Government, H.R. Rep. 103-827(I), at 23 (Oct. 4, 1994) (``House
Report''). As the FBI Director testified, CALEA was ``narrowly focused
on where the vast majority of our problems exist--the networks of
common carriers, a segment of the industry which historically has been
subject to regulation.'' 3
---------------------------------------------------------------------------
\3\ Testimony of Louis Freeh before the Joint Hearing of the
Technology and Law Subcommittee of the Senate Judiciary Committee and
the Civil and Constitutional Rights Subcommittee of the House Judiciary
Committee, Mar. 18, 1994, available at http://www.eff.org/Privacy/
Surveillance/CALEA/freeh_031894_hearing.testimony.
---------------------------------------------------------------------------
Reading the statute and legislative history, both the FCC itself
and the D.C. Circuit in the past held that CALEA does not apply to the
Internet. In 1999, the FCC concluded that information services ``such
as electronic mail providers and on-line service providers'' are exempt
from CALEA. In the Matter of Communications Assistance for Law
Enforcement Act, Second Report and Order, 15 FCC Rcd 7105, at � 26
(1999). The D.C Court of Appeals stated, ``CALEA does not cover
`information services' such as email and internet access.'' United
States Telecom Ass'n v. FCC, 227 F.3d 450, 455 (D.C. Cir. 2000).
The FCC has recently issued a Notice of Proposed Rulemaking,
tentatively concluding that CALEA should apply to broadband Internet
access and ``managed'' Voice over Internet Protocol (``VoIP'')
services. The NPRM is purely results-oriented. The Commission looked at
the urgency of the terrorist threat, and jumped straight to the
conclusion that CALEA should be extended to the Internet. To do so, it
admitted that it was ignoring the language of the Act and contradicting
its own earlier decisions about the regulatory status of broadband
access. Three Commissioners hinted in separate statements that the
Commission's rationale would not withstand judicial scrutiny.
Congress Needs to Conduct a Factual Inquiry
The first step in responding to the arguments of the Department of
Justice must be a clear showing of need: what are the problems that law
enforcement is encountering? In the early 1990s, during the George H.W.
Bush Administration and then in the Clinton Administration, when the
FBI began complaining that technological changes in the PSTN were
interfering with law enforcement's ability to carry out wiretaps,
Congress refused to adopt a sweeping regulatory mandate. Instead,
Congress insisted first and foremost on a factual inquiry into what
exactly were the problems being encountered by law enforcement.
Hearings were held. The General Accounting Office conducted two
studies. The FBI surveyed its field offices twice. Industry and law
enforcement convened action teams to study the concerns of law
enforcement and possible solutions. At the end of the process, industry
representatives agreed that new technologies were defeating law
enforcement surveillance. Some of the problems had to do with features
such as call forwarding and speed dialing. Others had to do with the
transition to multiplexed lines and fiber optic cables. Most had to do
with the lack of sufficient capacity on switches to simultaneously
accommodate a large number of intercepts.4
---------------------------------------------------------------------------
\4\ Telecommunications Carrier Assistance to the Government, H.R.
Rep. 103-827(I) at 14-16 (Oct. 4, 1994).
---------------------------------------------------------------------------
In 2004, the DOJ/FBI petition and the FCC's 101 page NPRM are
devoid of any factual discussion of problems justifying extension of
CALEA. In the 1990s, when arguing for CALEA, the FBI Director talked
about a de facto repeal of the wiretap laws. The lack of capacity to
accommodate multiple intercepts on wireless switches, which accounted
for the majority of problems documented in the 1990s, represented a
complete shutout for law enforcement. But in the Internet context, the
FCC's recent NPRM refers to problems such not getting exactly the same
information on broadband communications that is available in the PSTN,
or not having the information delivered in a familiar format. These are
not the magnitude of problem that justified Congress adopting CALEA for
the already well-regulated telecommunications common carriers--they
surely do not justify a regulatory mandate for the Internet. Is there a
problem of not having access at a single point to all features and
services used by a surveillance target? Even with respect to the PSTN,
CALEA was not intended to guarantee one-stop shopping for law
enforcement. Are there difficulties in determining which service
provider or which kinds of services a particular suspect is using? If
so, that seems to be an unavoidable byproduct of the diversity of
services that our telecommunications policy has wisely fostered, not a
problem requiring design mandates.
The second step should be a showing of what would a design mandate
for the Internet look like. In this regard, Congress would have to be
very careful and insist on more specificity than it did in 1994. In
applying CALEA to the PSTN, the FCC adopted an elastic interpretation
of CALEA's definitions, requiring carriers to build into their systems
surveillance features that went beyond what had been available to law
enforcement in traditional systems. For example, the FCC gave five
different meanings to the word ``origin'' in the definition of ``call-
identifying information.'' 5 Such flexibility applied to the
Internet could produce endless demands.
---------------------------------------------------------------------------
\5\ ``Origin'' refers, of course, to the phone number of the party
initiating a call. The FCC ruled, however, that ``origin'' also means
the signal indicating that a call is waiting, Third Report and Order,
In the Matter of Communications Assistance for Law Enforcement Act, 14
FCC Rcd 16794 (1999) � 82; use of the flash key on the telephone to
switch back and forth between two established calls, id.; putting a
party on hold, id. � 74; and the location of a wireless phone caller at
the beginning and end of a call, id. � 44.
---------------------------------------------------------------------------
In some ways, the debate today is reminiscent of the encryption
debate of 10 years ago. Law enforcement agencies felt threatened by
encryption. They thought it meant terrorists and drug dealers could
communicate in perfect confidentiality. The government argued that
encryption had to be ``dumbed down'' or built with backdoors for easy
government access. After a long debate, Congress and the Administration
decided that the technology should not be controlled. Law enforcement
and intelligence agencies adjusted. Beginning with the 2000 Wiretap
Report, the government has been required to report on whether
encryption was preventing law enforcement officials from obtaining the
plain text of communications intercepted pursuant to the court orders.
So far, the government has not reported a single wiretap frustrated by
encryption. In 2003, no federal agencies conducting wiretaps reported
that encryption was encountered. For state and local jurisdictions,
encryption was reported to have been encountered in one wiretap in
2003; however, the encryption was not reported to have prevented law
enforcement officials from obtaining the plain text of communications
intercepted.
CALEA Has Not Been Very Successful Even as Applied to the PSTN
Even as applied to the relatively centralized PSTN, CALEA has not
worked well. The FBI and DOJ admitted as much in their petition to the
FCC. Indeed, their petition was almost schizophrenic: the first half
argued that the Internet should be brought within the regulatory scheme
of CALEA while the second half laid out a litany of delays, confusion
and controversy under CALEA as applied to the PSTN.6 The DOJ
and FBI stated that the CALEA implementation process ``is not
working.'' Petition, at 38. They cited ``problems and delays,'' id. at
53; a ``seemingly endless cycle of extensions that have consistently
plagued the CALEA compliance process,'' id. at 55; and more ``problems
and delays,'' id.
---------------------------------------------------------------------------
\6\ Joint Petition for Rulemaking to Resolve Various Outstanding
Issues Concerning the Implementation of the Communications Assistance
for Law Enforcement Act, FCC RM-10865 (filed Mar. 10, 2004).
---------------------------------------------------------------------------
This record of disfunctionality is confirmed by a report by the
Office of the Inspector General (OIG) of the U.S. Department of
Justice, issued on April 7, 2004. The OIG's biannual audit, mandated by
CALEA, evaluates the progress of CALEA compliance, and finds broad
problems. The report notes that costs of CALEA for the PSTN have been
much higher than Congress anticipated. ``Most troubling, according to
FBI estimates, CALEA compliant software has been activated on only 10
to 20 percent of wireline equipment.'' The report also shows that the
FBI's insistence on it ``punchlist'' has caused enormous problems
within the CALEA standards setting efforts of industry. Most
remarkably, the report finds that the FBI ``was unable to demonstrate
the extent to which lawful surveillance has been adversely impacted by
the lack of CALEA implementation.'' 7
---------------------------------------------------------------------------
\7\ ``Implementation of the Communications Assistance for Law
Enforcement Act by the Federal Bureau of Investigation,'' available at
http://www.usdoj.gov/oig/audit/FBI/0419/final.pdf.
---------------------------------------------------------------------------
Simply put, CALEA has proven to be a flawed statute. As to why,
there is probably enough blame to go around. One key factor is that,
contrary to Congress' intent, the FBI exercised de facto power to
impose specific design mandates on the PSTN, and it used this power to
impose on industry surveillance features that not only went beyond the
capabilities of the traditional telephone system but that could have
been procured by law enforcement itself for less expense. For example,
the FCC imposed at least $120 million in costs on industry to obtain
one feature known as ``dialed digit extraction,'' which requires local
exchange carriers, after call set-up, to reach into the content of the
communications and extract additional dialed numbers, such as the
numbers called on a long distance calling card. The FBI could have
obtained the information it wanted by going to the providers of long
distance services, but it wanted to obtain the information more
conveniently through the local phone system. Indeed, the FBI could have
purchased the extraction devices itself and attached them as necessary,
a solution that the FBI itself estimated would cost no more than $20
million a year, but instead the FBI insisted that all carriers install
them on all switches.
Going Forward: Meeting Law Enforcement Needs in a Way Suited to the
Decentralized, Innovative Internet
Clearly, a different approach is needed for the Internet. As we
suggested at the outset, that solution must take into account the
decentralized, innovative, user-controlled nature of the Internet.
There are three possible approaches: One is the internal approach
of CALEA, which DOJ is proposing to impose on the Internet, requiring
extensive standards processes, detailed specifications, and FCC
enforcement to require access providers and service providers to build
capabilities into their equipment and software. The second is what the
FCC refers to as the ``trusted third party'' approach, in which a
service bureau sits between the service provider and the law
enforcement agency, analyzing packets, extracting signaling
information, and formatting it for the convenience of law enforcement.
There is a third approach, which is suggested by the service bureau
model: Instead of forcing industry to redesign its products and
services to meet government specifications, law enforcement should
itself develop (or acquire from the service bureaus) the capabilities
to analyze packet communications. In other words, law enforcement
should develop the capability to extract call-identifying information
from packet streams. Even CALEA only requires carriers to deliver call-
identifying information to law enforcement--it imposes no formatting
requirements on service providers. Moreover, the government will have
to develop the capability to analyze packets in-house anyhow, because
it will have to be able to deal with sophisticated criminals who can
entirely avoid service providers and communicate directly and with
custom-built protocols. Perhaps Congress should appropriate additional
funds to the FBI to keep pace with technology in this way and to
support state and local law enforcement efforts to do the same.
This third approach--a fundamentally non-regulatory approach--
illustrates how the assumptions that applied to CALEA in the PSTN are
probably inapplicable to the Internet. The Internet may not need a
detailed technical standard the way the circuit switched environment
does. The call processing technology that once existed solely in the
control of the monopolistic telephone company is now available from
third parties. This approach also has the advantage of being consistent
with the ``layered'' nature of the Internet's architecture. Arguably,
the focus of interception should be at the transport layer, not at the
application layer, and the provider of transport services should be
obligated only to isolate and deliver to law enforcement the data
stream associated with a particular subscriber. This could be coupled
with technical and legal audits to ensure that the government is only
recording what it is legally authorized to intercept.
Conclusion
Congress has taken a relatively non-regulatory approach to the
Internet and has refrained from applying to the Internet common
carriage status and other regulatory burdens applied to telephone
companies. The Internet's rapid growth and innovation attest to the
wisdom of this policy. We are now in a time of transition from the
narrowband, dial-up Internet of the past to the broadband Internet. The
high speed Internet access available via cable modem and digital
subscriber lines (DSL) is capable of carrying voice communications of
high quality, as well as numerous other applications. This is precisely
the wrong time to shoe-horn the Internet into the telecommunications
regulatory structure.
The Internet and applications like Voice over Internet Protocol
(VoIP) services are different from traditional telecommunications
services, so significantly different that they have not been and should
not be regulated under the traditional regulatory framework for
telecommunications. For reasons that are still valid today, the
Internet and Internet applications were not included in the regulatory
mandates of CALEA. After an in-depth factual inquiry in the early
1990s, Congress focused on specific problems law enforcement agencies
were encountering in carrying out surveillance in the PSTN. With CALEA,
Congress imposed design obligations on already heavily regulated
telecommunications common carriers. Congress expressly excluded the
Internet from those design mandates, not only because it was committed
to the non-regulatory approach, but also because it found no problems
on the Internet, and because it was uncertain of how surveillance
mandates would translate to the Internet.
The regulatory framework of CALEA is not suitable for the Internet
and Internet applications. The FBI and the Justice Department are
absolutely correct when they say that the world of communications has
changed dramatically since CALEA was enacted. That is exactly why
applying a 10-year-old law to this rapidly evolving technology would be
a mistake. CALEA-type mandates would drive up costs, impair and delay
innovation, threaten privacy, jeopardize Internet security, and force
development of the latest Internet innovations offshore.
Most importantly, the centralized design mandates of CALEA are not
necessary. The government itself can acquire the technology it needs to
interpret Internet communications. It will have to do so in case,
because there will always be custom-built services and applications
outside its reach. The sooner it abandons its efforts to dictate
surveillance features to industry, the sooner it can get on with the
task of keeping pace with technology.
Mr. Upton. Thank you.
At this point members will be able to ask questions for 5
minutes.
I just want to, Mr. Dempsey, go back to what you just said
in terms of talking to the cable industry. The cable industry,
and I think, Dr. Green, you will support, I mean, as you look
at VoIP it is viewed as telecommunications, and therefore, you
are subject to CALEA; is that not correct?
Mr. Dempsey. Yes, Mr. Chairman, that is correct. I think
the cable companies early on, when they viewed the possibility
of offering voice services on their networks recognized that it
was going to be necessary to comply with CALEA, and that is one
of the reasons that they tasked us, Cable Labs, to develop the
specifications or to make that a viable technical solution.
Mr. Upton. And to underscore or reiterate your testimony,
you indicated that all of the cable companies are compliant; is
that not correct?
Mr. Dempsey. As far as I am aware, all are compliant.
Mr. Upton. Now, Ms. Parsky, you indicated in your statement
and you said some carriers without regard to court ordered
CALEA, some are and some are not complying; is that correct?
Ms. Parsky. That is correct.
Mr. Upton. Can you help us in terms of who is not being
helpful? You did not name anyone by name. Obviously the cable
companies appear to be based on Dr. Green's testimony.
Ms. Parsky. Well, we have purposely not named people by
name, because we recognize that it is important for us to try
to work with the companies that are not compliant to try to get
their cooperation. I can tell you that there are companies out
there that when they have been served with interception orders
have not had the capacity built into their networks to be able
to comply with the court orders as required by CALEA.
Mr. Upton. And how would you, Mr. Thomas and Mr. Knapp,
respond to Mr. Baker's comment that it is up to you to figure
it out versus the companies themselves to comply with CALEA?
Mr. Knapp. CALEA provides that the carrier can select their
method of complying with CALEA by either using a standard or
whatever method satisfies law enforcement, and in many cases,
these standards have not been fully developed or the carrier
has argued that they needed more time to comply with the
standard.
Mr. Upton. And you have given them that time; is that not
correct?
Mr. Knapp. That is correct.
Mr. Upton. Mr. Thomas?
Mr. Thomas. Well, from our perspective I would say, first
of all, our requirements or needs in terms of law enforcement
interception were developed and are developed with an eye
toward lawful interception. So what we set out as the elements
out of a network are based on information that we need to make
rational decisions over whether we are lawfully authorized to
monitor that conversation or not. So that is where our needs
develope from.
There is no doubt that CALEA did not necessarily accomplish
one of its main goals, and that was to create an atmosphere in
which early on in design time carriers were able to reach out
and grab a ready made standard and implement it so that when
the new services were offered, there was no conflict and no
problems. It hasn't created that atmosphere.
Unfortunately, we do need that sort of an atmosphere, but
we do have to also recognize that the law enforcement community
has needs that are based upon the authorizing statutes for
doing electronic surveillance, and that is what we are trying
to implement, and we are trying to rely on the carriers who
best know their technologies to do that.
Mr. Upton. Ms. Parsky, do you want to comment?
Ms. Parsky. Well, I think that Mr. Thomas has expressed
this well. One thing that I think has been distorted is the
fact that CALEA provides for the FCC to determine what
standards need to be met in implementing CALEA. It is not the
FBI, and to the extent that the industry and the private
standards bodies are creating these standards, if they come to
the FBI and say, ``Do these standards meet your needs, your
needs that are determined by, you know, your authority to
intercept these communications?'' and when the FBI relates that
some things do and some things do not, if the industry wants to
challenge that and wants to have the FCC step in and determine
what is required, it is the FCC that makes that determination.
Mr. Upton. Dr. Green, as you indicated the cable industry
is 100 percent compliant, how do you respond to Mr. Baker's
comment that, in fact, going back to the Wall Street Journal
story that, in fact, it may drive that innovation overseas?
I mean, has that happened in the cable industry? It did
not, did it?
Mr. Green. Well, Mr. Chairman, that has not been our
experience. Obviously, these technologies are very competitive,
and they are certainly competitive worldwide. So there are
risks to technology development here. However, our experience
has been in working with U.S. manufacturers and in working with
the FBI, we were able to reach agreements which I think are in
themselves innovative solutions.
I believe that the technical details contained in our
specification amount to new innovative approaches that were
developed as a result of trying to work together to solve
problems.
Mr. Upton. Thank you.
Mr. Wynn.
Mr. Wynn. Thank you, Mr. Chairman.
Just a couple of questions. If I heard him correctly, I
believe Mr. Dempsey said that there was not an adequate factual
record in terms of what the specific problems were. So I wanted
to ask Mr. Thomas and also Ms. Parsky if you agreed with that
statement, and if not, whether you believe it ought to be on
the record or if you agree it ought to be added to the record.
If you disagree, why do you disagree with that?
Ms. Parsky. I think it is important to point out here that
in terms of a factual record of where, exactly where, law
enforcement is having trouble effectuating court orders and
conducting intercepts is something that is extremely sensitive
for law enforcement. To have to lay out a record of exactly
which services are the places that criminals and terrorists
should migrate to because that is where law enforcement is
struggling is something that requires the appropriate setting
to lay that out.
I think the other thing that is important to recognize is
that once there is a lengthy record of all the times that law
enforcement has been unable to effectuate court orders for
interception, that is too late. That is when all of those
criminals have already had the opportunity to do harm to our
society.
Mr. Wynn. Let me interject then. If I am understanding you
correctly, you are basically saying that this material would be
classified. That record that Mr. Dempsey says ought to be
established would be classified material, and perhaps not in
this forum, but in an appropriate governmental forum you would
be willing to provide that so that Members of Congress could
evaluate the record and the extent of the problems. Is that a
fair assessment of what you are saying?
Ms. Parsky. I think that a fair statement is that a great
deal of that record would be classified and we would not be
able to share that in this forum.
Mr. Wynn. Is there a forum within Congress that you believe
would be appropriate?
Ms. Parsky. In a classified forum.
Mr. Wynn. A classified forum. Would you agree with that,
sir?
Mr. Thomas. Yes, I would agree with that.
I would also just add it is important for us to establish a
factual record, but the factual record is not only made up of
specific cases where we have encountered problems, but also it
is based upon a knowledge of electronic surveillance over many,
many years and our understanding of where criminals are likely
to move and terrorists are likely to move or have already
moved.
So I would support Ms. Parsky's statement that a part of
this is also predictive.
Mr. Wynn. Well, I think those two parts are classified and
the predictive part ought to be presented to Members of
Congress at an appropriate forum so that we can then, as Mr.
Dempsey said, evaluate exactly what the problems are.
Mr. Baker, you were suggesting that a system that would
require prior FBI approval would be so burdensome as to drive
innovation abroad with respect to market testing if I
understood you correctly. What exactly is the nature of the
burden? Is it the time to be consumed in getting the approval?
Is it the demands of the standards that would be required prior
to a market test in this country, particularly in light of the
fact that Dr. Green seems to suggest that you would not have
that effect using an FBI approval system?
Mr. Baker. I think the biggest risks come in the Internet
context where today if you have a good idea, you just put it
out on the Web and see if people come and flock to it. Hotmail
started as a guy with a good idea. He said, ``Gee, why don't we
offer free E-mail accounts in exchange for people looking at
ads?'' and that became a $400 million business in about 9
months.
He did not have to get anybody's permission. He just
started the business. If, instead, he has to stop, say it is a
voice version of Hotmail, he has to stop and say, ``Well, do
you think the FBI would view that as covered by CALEA? What
would have to give them exactly if they thought it was covered
by CALEA? How would I design that into my system?'' you are
adding months of design time, and then he has to hire a
lobbyist. He has to come to Washington and hire somebody to
deal with the FCC. All of that is a burden on his ability just
to start a business.
Mr. Wynn. Let me interject because it seems like it is
somewhat speculative. Could he just go into the FBI and say,
``This is my idea. It is patented or whatever, but what do you
think? What do you need?''
I guess I am wondering whether this is actually a month
long problem, particularly if it is only a question of whether
he can market test it anyway, whether or not that cannot be
accomplished in a shorter, more reasonable period of time.
Mr. Baker. That is a very good question. I think the answer
is the FBI is not used to being a regulator. That is not what
they do. They are not used to taking risks. I think what would
go through the mind of the FBI office that was asked that
question is, well, if I say yes and it turns out badly, am I
going to get blamed. The answer is yes. If i say no and it
turns out badly, am I going to get blamed? And the answer is,
no, no one will care because they will not hear about it.
So all of the incentives are to say no. We need more
information. We cannot approve this yet. We want to see more
specs., more design, more features.
You know, I think John L. Lewis, when he led a wartime coal
strike, was asked what do the miners want and he said, ``The
miners want more.'' And in my experience in dealing with the
FBI, that is often their position. They just want more. they
want as much as you can do.
Mr. Wynn. Could I get just a response from the FBI as to
whether that is an accurate interpretation of how this process
might work?
Mr. Thomas. Well, I would not agree with all of it the way
it was said, but I would say that the CALEA statute, the way it
was written, basically puts everybody on equal footing if CALEA
applies to them. So, it is essentially, you are in it or you
are out of it, unless you can find a statutory exemption.
So it really does not put the flexibility necessarily
within the FBI's hands or the FCC's hands to say, you know, you
are out but you are in because, in part, it laid a level
playing field out for those types of carriers.
Some other nations we have seen have applied laws in a
different way that either had what you might call opt in or opt
out policies where you have exactly that procedure. Unless a
government agency tells you you must comply, you don't have to
comply, or once a government agency tells you or you have to
consult and somehow get a buyout, that is not the way CALEA as
we understand it was implemented.
Mr. Wynn. Thank you, Mr. Chairman.
Mr. Upton. Mr. Walden.
Mr. Walden. Thank you, Mr. Chairman.
Mr. Thomas, how do you respond to the 2004 DOJ Inspector
General's report finding that the FBI, and I quote, was unable
to demonstrate the extent to which lawful surveillance has been
adversely impacted by the lack of CALEA implementation?
Mr. Thomas. Well, I think my response to that is that early
on with CALEA we recognized that there would not be enough
money in the fund set up for it to cover the Internet 100
percent. We knew that before it was appropriated.
We also knew that there had to be a process, and this was
statutorily set out for deciding which technologies that were
already in place we would pay for and which one we would not.
So we had to make decisions, and that is the one procedural
place where we had decisionmaking on who was in and who was
out. Fairly early on, we made the decision to focus more
intensely on areas where we would be completely shut out of any
capability very rapidly if technology moved the way we
expected.
It turns out technology did move the way we expected, and
it was the wireless world. We focused much more energy and much
more cost from our perspective on making sure those
capabilities were in place, and I quoted a number that roughly
we can calculate from the wiretap report about 70 percent of
authorizations were for CALEA covered, CALEA capable services,
and that is a calculated number based on how many were wireless
and how much wireless we have covered.
But the point is, our goal was to apply the money we had
and the level of effort that we had to try to get the best
benefit, and I think that is what we have done.
Mr. Walden. Well, perhaps a question for both you and Ms.
Parsky. How do you respond to Mr. Baker's contention that, and
I believe I am quoting correctly, despite the crisis atmosphere
fostered by the government, the Justice Department law
enforcement have never once used the enforcement powers that
CALEA gives them?
Did you just say 70 percent of the wiretaps are under
CALEA?
Ms. Parsky. Well, if I may, I think those are referring to
two different things.
Mr. Walden. All right.
Ms. Parsky. I believe it is Mr. Dempsey who quotes the
Inspector General's report with respect to software, CALEA
compliant software only being activated on 10 to 20 percent of
wire line technology, and Mr. Thomas was pointing out that that
is a misleading quotation because where we focused our efforts
was where we thought the technology was migrating, which was to
the wireless technology, and for wireless, I think these are
rough estimates, that about 90 percent of the FBI's intercepts
are over wireless phones, and 80 percent of those 90 percent--
or the other way around: 80 percent of the wireless phones and
90 percent of those wireless intercepts are CALEA compliant.
Mr. Baker's reference to enforcement, I think, is to the
extent that the Justice Department would go to court to enforce
a company's failure to comply with CALEA. And in that regard,
what we have done is we have tried to go to the companies and
work with them; because we realize that in the long run, rather
than going through a lengthy and expensive process for them, to
the extent that we can work to show them that, in fact, their
technology, their services fall under CALEA, the importance to
national security and public safety that they be able to carry
out the intercept orders, that we want to work with them to get
them to do that.
And it has been a slow process, and our filing the recent
petition with the FCC was part of our having to take a step
that is more forceful than just going and trying to work with
the companies.
Mr. Walden. All right. I represent a very, very rural
district. It is sparsely populated, a lot of small exchange
carriers, and one of them just installed a new switch, and they
were looking, you know, at CALEA and some of the requirements
for voice over Internet protocol and said, ``We have never had
a wiretap in 30 years in this little town and now you are going
to have this new requirement in on top of us.'' I would be
curious from the panel. How do you respond to that? What do I
go back and tell these folks out in very rural Piece of Heaven?
Mr. Knapp. First of all, there are provisions in CALEA for
requesting extensions of time, and beyond that, if they can
make an argument for various reasons that the costs are not
warranted, they have that opportunity to do that under CALEA.
One of the things we tried to do in our rulemaking
proceeding is identify not only a standards approach to comply,
but also other solutions, such as use of a third party that
might make sense for people who only get an occasional wiretap
to engage the services of a company that could help them meet
the requirements of the court order.
Mr. Walden. And, Mr. Baker, do you have anything to add?
Mr. Baker. Yes, if I could just add, I do think though that
there is a problem here that shows why the FBI is just not
suited to this regulatory role. It was too hard for the FBI to
say, ``Yeah, we know. We will probably never need to do a
wiretap in your district. So we will give you a pass.''
Because from the point of view of the person who is asked
to do that if that turns out to be the wrong decision they will
be blamed, but if they make a decision that is too regulatory,
it does not cost them anything, and I think you see that bias
over and over again in the way the FBI has approached the bill.
They do not ever want to be wrong in a way that might cost
them one wiretap, and so they tend to over regulate even in
circumstances where it just doesn't make economic sense.
Mr. Walden. Mr. Knapp, maybe I can go back to you on the
technology itself then when you talk about a third party
provider. Is this a patch that they can come in and put in and
take out?
Mr. Knapp. In some cases it may involve implementing
software in existing equipment that separates out the subject's
data stream from everybody else's in part to protect privacy,
then if necessary to convert the information so that you can
pull out the call identifying information, and then prepare it
in a format that is usable on law enforcement's equipment.
Mr. Walden. But I guess the point is is it something they
can come in and insert and then remove? Could you hire somebody
to come do that with your equipment?
Mr. Knapp. That would be an option.
Mr. Walden. Okay. My colleague and I were talking. Given
the international scope of all this, how do we regulate the
Internet here and not have somebody else dump software out
there that everybody could download and use and get around
CALEA?
Mr. Dempsey. That's an important question, again, about
what price are we paying and then are we really getting the
result that we desire. The FBI is always going to have to have
the ability in house to try to deal with customized services
peer to peer in the NPRM, and the Commission recognizes that
peer to peer is not covered, that there are a range of other
services not covered. Traditional dial-up Internet access would
not be covered.
And in all of those cases the FBI still has the legal
authority to wiretap, and they have the technical capability to
access that stream because the issue really here, Congressman,
is not about content. All of the service providers are fully
capable of providing the content. It has never been a dispute.
The question is opening up those packets, breaking them apart,
analyzing them, figuring out when you do an ordinary wiretap on
a regular old fashioned phone line whether it is a fax or a
phone conversation that is coming over the line.
The FBI has always had that responsibility to bring it in
and analyze it. A little bit of the debate here is trying to
push some of that responsibility onto companies. But at the end
of the day, the law enforcement agencies are still going to
need that in-house capability for all of the other kinds of
unique things out there and for all of these other services.
I think that is a better place to look for a solution
generally rather than taking this kind of very regulatory, very
specific mandate forcing it on a few carriers when you're still
going to need that in-house capability to deal with customized
offshore, et cetera.
Mr. Walden. All right. Thank you.
Mr. Upton. Mr. Buyer.
Mr. Buyer. I was here in Congress when we did CALEA, and I
remember the balance tests that we were all struggling with. I
have tried to be a good listener to two other opinions, Mr.
Dempsey and Mr. Baker, and at the same time I am rather curious
why the dispute resolutions that Congress had set out are not
working.
Why is it necessary for you to make this petition to the
FCC? Because that is highlighting that perhaps the framework
that we laid out back then isn't working well and why it isn't
working well.
So, Ms. Parsky, when you testified just a second ago, you
said it is difficult in working with the companies. You have to
articulate that better for the justification. So could you give
us some idea? What do you mean it is just too difficult to work
with the companies?
Ms. Parsky. Well, I am not sure exactly which part of my
responses you are referring to in terms of ``too difficult to
work with the companies,'' but I believe what I was trying to
portray was the fact that we are trying to work with the
companies, and some companies are more difficult to work with
than others.
And what led to our filing the petition is the fact that we
are 10 years out from the passage of CALEA, and technology has
moved; and it is our argument that the direction it has moved
has made it clear to us that these new technologies fall within
the mandates of CALEA.
I think one of the things, I mean, there are several things
that were----
Mr. Buyer. But industry recognizes that, too, that they
have to be compliant.
Ms. Parsky. Some do and some do not. Some have just
deployed their technologies, presented them to the public, and
then decided that they would argue it out, either wait for us
to confront them on it and argue it out through the FCC, which
would take a long time and then through the court system, and
in the meantime they would be able to reap the benefits from
having the technology out there. Where for us what that means
is there is something out there that does not have the
capabilities built in to comply with court orders.
Mr. Buyer. So what did we do wrong with CALEA? What should
Congress have done right?
Ms. Parsky. Well, we are in the process of really trying to
evaluate what it is that we would need as an updated version of
CALEA going forward, because technology has changed so much.
But I think one important thing has caused confusion in
CALEA, and I think that is evidenced in Mr. Dempsey's statement
when he says that CALEA was not intended for the Internet.
And I think that there is an exemption in CALEA for
information services. It is not an exemption for the Internet.
It is not an exemption for Internet services. It is for
information services as information services were defined. But
those were information services that were storing E-mail, that
were static Web sites, but not the transmission of information
over the Internet.
The transmission of information even back 10 years ago was
recognized as something that was not included in the
information services. At that time it was through dial-ups, so
that the transmission would have been over wire lines, over
telephone lines.
Now that transmission is over cable lines. So I think it is
the confusion over the sort of parsing out of information
services and the changes in technology and how the Internet is
being used today that has caused a lot of the confusion.
Mr. Buyer. Well, I will concur with you that Congress did
not give you any wiretaps authority, but what we really
intended was for you to have access, and you know, we do not
intend to be stifling the technologies out there. I mean, we
look at at the Telecommunications Act, and it has been a
success by getting regulation out of the way and letting
innovation just really take over.
But you are outpacing law enforcement. I mean, that is the
reality. That is what our present struggle is.
Mr. Baker and Dempsey were pretty tough on you. Do you have
any comments that you would like to make in response to their
testimony?
Mr. Knapp. A couple of points because I think there are
some misunderstandings of what the Commission actually
proposed.
We rejected the notion of a pre-approval process for
technologies. We absolutely do not want whatever steps we are
taking here to constrain technology. What we are trying to do
is be very specific about what the capability requirements are
so that everybody understands going in what they are required
to do.
Leave it to industry to develop the standards, but have
certainty for the carriers so they can be assured that if they
comply with the standard that it won't be challenged.
So on the point that Mr. Dempsey raised, as we look back at
the 1994 act, we see an irreconcilable tension where, on the
one hand, its intention was to maintain law enforcement's
capability to perform wiretaps and to exclude information
services. It was not envisioned at that time that the Internet
was going to become a means for making telephone calls, but the
act provided for looking at advanced services as they unfold
and for the Commission to make a public interest finding in
those cases as to whether those services should be covered, and
that is the purpose of our rulemaking.
Mr. Buyer. So that I am not left with a bad impression, Mr.
Knapp and Mr. Thomas and Ms. Parsky, maybe you could help me
with this. Is it sort of the presumption by industry now to go
ahead and deploy and litigate, or I have got my technology;
let's try and work it out with law enforcement?
Where do you think it stands right now within the
community?
Mr. Thomas. I think from my experience it is the latter,
and that is, that for the most part, industry is moving forward
with innovation. They already in many cases have people
thinking about CALEA capabilities. Some companies just do not
believe it applies to them. Others do, but for the most part it
is not simply we are going to roll this out and see what the
Justice Department will do.
I think it is an idea of getting it out there, moving
forward, and then coming behind that and trying to work with
standard bodies, work with law enforcement. I do not think
there is that much disingenuous effort out there. I think there
is real effort.
Mr. Buyer. You know, a lot of times here in Congress we
make laws, but because of exceptions, and that is just what I
am trying to figure out if there is a much larger problem or if
we are trying to create something because of a smaller
community giving you a hard time.
Can you help me out here?
Mr. Thomas. Well, I do not think that CALEA was a badly
crafted law for the time. It did not have as much agility in
it, I think, as we are going to need going forward in the
Internet world. It is a different environment, very different,
and I think there are going to have to be tweaks to create
agility where it does not exist.
Mr. Buyer. We thought the whole future back then was voice.
Mr. Thomas. Right, and a lot of people still----
Mr. Buyer. And everybody at that table if you were willing
to admit to yourselves, we did, too, and we got it wrong. It is
all about data. That is the power.
Mr. Thomas. And a lot of people still to this day focus on
voice when they talk about CALEA, but CALEA really did not
focus on voice. It focused on wire and electronic
communications, which was very broad, but it did not quite have
the agility we need, and I do think going forward it is utterly
impossible to do what we need to do without cooperation. It is
utterly impossible.
And if we do not have a legal structure that encourages or
somehow causes or urges cooperation from industry with law
enforcement and vice versa, it will not work.
Mr. Buyer. All right. Thank you, Mr. Thomas.
Thank you, Mr. Chairman.
Mr. Upton. Thank you.
Mr. Shimkus.
Mr. Shimkus. Thank you, Mr. Chairman. I will be brief.
I have a district where I have quite a large rural size,
too, and so I echo some of the comments from Mr. Walden, and I
would just make two points of observation. One is that I do
believe in the market. So if a small, rural telephone company,
family owned, which we still have them, or co-op, you know,
have challenges, and I understand the law allows provisions to
delay or that, you would think the market would also fill the
void with specialists who come in.
If there was one every 30 years that if I was a smart guy,
I would be figuring out how to be that repairman or that
specialist that would come in and help comply with a legal
court order.
But the second thing is understanding the threat. I would
think that in the digital age crooks and criminals would go to
the areas where there is less risk of being able to be tapped
technologically. So a rural area might be a great place to set
up your scam to take money from one Account A and transfer it
electronically to Account B with the time lag of trying to put
in the provisions the legal authorization, you know, to have
access to those communication lines and then actually
technologically have them in place to go after the crooks or
criminals or in the world that we live in, terrorists.
So this is a good hearing. I do concur with my colleagues
that technology is moving quicker than our ability, and we will
have to be in this together.
Mr. Baker, I think.
Mr. Baker. Yes. I thought I would add to a response to Mr.
Walden's question and yours about the rural carriers. I will
tell you what I would have said to them under CALEA, as I
understood it before the FCC ruled. I would have said, and in
fact, I have said, if the FBI comes to you and says, ``We have
to do a wiretap. We have to hear what this guy is saying. Can
you do that?'' the answer is almost always, ``Yes, we can do
that.''
We can find a way to plug the system so that we can give
them the one wiretap they need every 30 years. What we cannot
do is give them all of these party-hold, party-join, party-
drop, crazy stuff that is in the CALEA standards that the FCC
and the FBI have approved. We just do not know how to get that
information.
And I would have said, well, if in 30 years you get one of
these and you can provide them with the content, and they do
not like that, which is unlikely, then their recourse is to sue
you, and you will be able to defend on the ground that it is
not reasonably achievable. You could not be expected to spend
that kind of money for one wiretap after 30 years, and that
there were other places that they could get the information
that they needed.
Those are all of the defenses that the statute creates for
them, and it forces the FBI to actually justify what it is
doing. Under the regulatory proposal that the FCC is putting
forward and the FBI and the Justice Department are supporting,
I would have to say to them, well, if you do not have that and
the FBI walks in with or without a wiretap, they can ask for
fines to be imposed on you tomorrow. So you have to go out and
spend the money right now.
And that is the difference between what CALEA intended and
the regulatory proposals that we are seeing out of the agencies
today.
Mr. Shimkus. But the big concern, I think, those who were
here when CALEA was initially passed was the ability of law
enforcement to have access when there is presumed bad guys
using the systems, and the threat, especially the international
terrorist threat and al-Qaeda operatives. I don't know if we
want to wait. That is the dilemma we are in.
The law enforcement, the FBI and all of these folks who are
trying to protect us, you are right. I mean, they do not want
to be on the hook for being wrong one time, and do you know
what? We do not either. We want them to have it right the first
time to hopefully preclude what has gone on in the past.
Mr. Chairman, that is all I have. I yield back.
Mr. Upton. Mr. Cox.
Mr. Cox. Thank you, Mr. Chairman.
I wonder if I could drill down a little bit on the software
side of this. I wonder if any of our witnesses feels
comfortable telling us this morning what would be the process
for a software developer to bring its product to market if it
includes the voice capability.
Are they going to have to go to the FCC, to the FBI, to the
Department of Justice? What do they do?
Mr. Knapp. It would be as simple as complying with an
industry standard. They would not have to come to the FCC for
approval to do that. So, for example----
Mr. Cox. Well, wait a second. An industry standard can only
exist for things that have been agreed upon in advance. What
happens if I am an innovator?
Mr. Knapp. The industry standard can be generic in terms of
providing information about where is the starting point of the
communication and the endpoint, without getting down into the
applications itself.
Mr. Cox. And is this something that has been included in
the Justice Department petition? Have you specified exactly how
that would work?
Ms. Parsky. What we made clear in our petition is that
CALEA does not give law enforcement, the FBI, the Department of
Justice the ability, nor should it, to dictate what the
standards are. Those who are in the best position to
innovatively devise the best ways to meet law enforcement needs
are industry themselves. So that to the extent you----
Mr. Cox. So right now we are in a position where we do not
have standards. We are hoping we can develop them. The
standards themselves would have to encompass known
technologies. They could not really credibly encompass things
that had not yet been invented.
And so anything new does what? Something that is not
definitionally covered by the agreed upon standard that
encompasses all existing technology?
Ms. Parsky. Well, to the extent that there are new
technologies and companies had questions and want to work with
the FBI for their assistance, we are more than happy to do
that.
Mr. Cox. I want to work with the FBI. What do I do? Where
do I go?
Ms. Parsky. Mark, do you want to?
Mr. Cox. Does the FBI have a private sector innovation
office where I can go and meet with people who are happy to
help me get my product to market?
Mr. Thomas. Well, I mean, there are two different issues
here. One, I think, is software developers who develop
applications. We generally do not see those people with CALEA
requirements on them. It is normally the people who offer
services of some kind to the public, as CALEA states, as common
carriers for hire essentially.
For those types of organizations, we have----
Mr. Cox. Well, hold on a second.
Mr. Thomas. Yes.
Mr. Cox. The Justice Department petition to the FCC asks
that the FCC rule that broadband Internet access be covered by
CALEA. That is at least according to your testimony, Ms.
Parsky. And so if I am now the provider of broadband Internet
access, I have got to begin worrying about all of the software
that is going to be used on my system so that I can comply with
my legal obligation, and it is not distinguishing at all, and I
do not know how it could, between the things that are agreed
upon under the standards and the things that are brand new.
So I have got to make sure that the new things which I do
not have any legal comfort on are bumped from my system and go
through some queue, and then I am going to send them to the FBI
or wherever, and then I want to know who is going to be in
charge of that.
Mr. Thomas. Well, I mean, I think the point there is for
the broadband provider. What we are saying is the obligation on
him is clear at least with regard to whether or not he has to
isolate and provide to law enforcement as CALEA requires call
content.
With regard to the call identifying information, which is
really what you more seem to be pointing at and who understands
how to reach you and pick out that particular information, I do
not think that is an issue that has actually matured yet. I do
not think anyone has a complete vision of how that will be
carried out.
I think it is probably likely that there are some services
in which the provider themselves, the access provider, say, a
cable company, is in the best position to do that work. There
are other services where they may not be in such a good
position to do that work.
There will be some applications for which no one really
will be in a good position to do that work, and ad hoc
solutions will continue to have to operate in those areas. I
think that is a bit of a balancing act that we will expect to
have to----
Mr. Cox. Mr. Chairman, here is what I am concerned about.
Congress and this committee, we in this committee, expressly
excluded information services from CALEA because we did not
want to have this collar on innovation in advance. As
information services and telecommunications services morph into
one another, we are going to have some tough calls to make, but
we surely did not make them in the statute, and we also had a
paradigm in mind in which the digital innovation that we were
thinking of as information services was excluded expressly in
the statute.
If we are now going to finesse all of this in a regulation
without amending the law, I have not any comfort that we will
not--particularly if the petition from the Justice Department
asks that the gateway for everybody's Internet service, the
broadband access, you know, be covered by CALEA--I will not
have any comfort that we will not be basically saying we are
going to treat all information services, all your E-mail, all
data transmissions, and so on the same way that we treat voice-
grade telephony for purposes of wiretap.
When Alexander Graham Bell went out and strung some wire
and began to exploit his invention of the telephone, there was
not any wiretap scheme in place. The order was innovation
first, regulation second.
What we are talking about now is a fundamental shift. We
are going to go to regulation first and innovation second, and
virtually all of these innovators are going to have to queue up
single file before a government agency in Washington before
they can come to market, and that really does give us Mr.
Baker's problem, which is that we push this stuff overseas.
And incidentally, some of the people who want to create
problems for us might well be developing software into which
they imbed their own listening algorithms and then dump it onto
our market in this way. People pick that up because it does not
bear the stamp of, you know, the U.S. Government wiretap
approved.
I think we ought to be very cautious about entering this
area, and certainly, Mr. Chairman, we ought to be very cautious
about doing it with regulation.
Mr. Dempsey, sorry.
Mr. Dempsey. Mr. Cox, I think in your dialog with Mr.
Marcus you have identified something very important here, which
is the FBI, Department of Justice at this point cannot even
identify who will bear what responsibility. So they are asking
to regulate all broadband access and all managed VoIP services
without even knowing who will have what responsibilities and
what those responsibilities will look like.
So we are putting the power of CALEA and the whole pressure
of CALEA on top of entities that we have not even really
identified yet, and we do not know what their responsibilities
will look like.
I think that one of the steps here should be, in addition
to identifying the problems, the second half of it is what will
the solutions look like, and if you regulate first and bring
either by regulation, as the FCC is proposing, or by
legislation, if you bring Internet services into the scope of
CALEA, you had better know in advance what those obligations
are going to look like and how they are going to translate
rather than leaving that to the FBI and the FCC to work out.
Mr. Cox. Well, I think my time has expired. I would just
say, Mr. Chairman, that innovation is not necessarily the
enemy. Technological innovation, which America leads in so many
respects, is the best advantage we have going for us in law
enforcement, and so we do not want to stifle it needlessly.
I yield back.
Mr. Upton. Thank you.
Mr. Stearns.
Mr. Stearns. Thank you, Mr. Chairman, and thank you for
having this hearing.
Mr. Knapp, the term ``telecommunications carrier'' appears
in both the CALEA and the Communications Act, with CALEA's
definition being much more broad and enveloping. If the FCC
determines a certain company is a telecom carrier under CALEA,
does that sentence the same company to the Title II designation
under the Communication Act?
If not, what conflicts would separate designations under
these statutes, so to speak?
Mr. Knapp. The short answer is no. A determination relative
to CALEA would not necessarily have any implication relative to
the Communications Act. Our decisions and the proposals that we
made are based on the unique provisions of CALEA, which provide
that the Commission may in the public interest include services
that are a substitute for public switched telephone service.
So we do not believe that the CALEA obligation carries with
it any implication that the Commission may apply the legacy
regulations that we have in the past under the Act.
Mr. Stearns. How does the NRPM address peer-to-peer
services that may offer VoIP be covered?
Mr. Knapp. It suggests that this is an issue that we need
to resolve. We propose to include managed services. These are
services----
Mr. Stearns. What are they?
Mr. Knapp. They are services where there is a party in
control of setting up the call and potentially controlling the
quality of the call. We did not include peer-to-peer service
which at the extreme end could be simply two people putting
software on their PCs.
Mr. Stearns. One of the goals that Mr. Boucher and I sought
in the bill we developed and dropped was to redefine these new
IP based services so that we might be able to address some of
these same questions, and so we proposed a new definition in
the context of a broad rewrite of the Telecom Act.
Do you think that would be beneficial?
And I would like to ask all of the witnesses if they think
maybe a redefinition in the Telecom Act of 1996 to include this
broader definition. I do not mind it if you do not agree with
me. So go ahead.
Mr. Knapp. I have no position on that.
Mr. Stearns. No position? Even a personal?
Mr. Knapp. No, not even a personal. Our focus here was
solely on CALEA and the provisions of CALEA.
Mr. Stearns. Okay. Why don't we just start? Would anyone
else have a comment on this?
The idea is to address some of the questions we might
redefine this new IP based service. Yes.
Ms. Parsky. Well, in terms of a broader definition of the
services, yes, the Department of Justice does not have a formal
position, but we would be happy to sit down and meet with you
and discuss the definition with you.
I think that the one concern we have with the bill that has
been proposed is an exclusion for regulations such as CALEA and
that, and I think we have addressed fully in our statements
here.
Mr. Stearns. I think we did that because of jurisdiction.
So it is nothing intentional.
Anyone else? Yes, Mr. Baker.
Mr. Baker. Yes, TIA's view is that VoIP is an information
service and ought to remain so. As for CALEA, we would really
encourage the committee if there is something that needs to be
fixed, instead of kind of schmoozing it fixed through the FCC,
the Justice Department ought to come up here and propose
regulations or legislation that would fix the problems that
they see.
And we would support having an examination of new
technologies to see what more needs to be done. It is just that
we do not think that trying to slip it in through the back door
through the FCC regulations is the way to do it.
Mr. Stearns. Good point. Okay. Mr. Dempsey or Mr. Green,
anything?
Mr. Dempsey. Well, Congressman, I would just say that we
are winding up caught in a straightjacket of telecom services,
on the one hand, information services, on the other hand. In
all likelihood, those definitions do have to be reexamined, and
along with them, the regulatory burdens that they carry or the
public policy interests that are served both on the economic
side and on the social policy side, and I think there the
question for this committee is going to have to be what
problems are there that need regulatory action in the first
place.
For most of the history of the telecommunications system,
there was no problem with carrying out wiretaps. There was no
regulation at all. It was an almost incidental byproduct of the
design of the networks.
In 1994, Congress concluded that with respect to
traditional telephone services, there were identified problems.
And now the question is with respect to new services, however
you categorize them from a regulatory, whatever word you use to
describe them, what is the problem, if any, and it has still
not been shown that there is a problem, and then what does the
solution look like.
Mr. Stearns. Mr. Chairman, my time has expired. I ask
unanimous consent to ask one more question.
Thank you for your kindness.
Mr. Green, can Cable Labs' compliance standards serve as a
model for other industry participants, or is this standard you
developed sort of unique just to cable?
Mr. Green. Well, the answer to that is basically both. We
believe it does serve as a model. Other industries have looked
at it as a model framework, but it does have some unique
features which could not--for example, this particular
specification uses a cable modem.
However, it is a multiple part standard, and various
parties of the specification could be adopted and used by other
industries. And although I am not aware of any specifically at
this point that have announced anything publicly, we do know
that people are reviewing it.
Mr. Stearns. Fair enough. Thank you, Mr. Chairman.
Mr. Upton. Mr. Pickering.
Mr. Pickering. Mr. Knapp, I do not know if you have had had
a chance to look at some of the pieces of legislation dealing
with voice over Internet. In legislation that I introduced, I
had a process that would call for the FCC to make
determinations every 6 months as to when CALEA could be
technically feasible, and at that point a collaborative process
would begin between the State, law enforcement industry, and
affected parties to then determine what is the best way to
apply CALEA or to make that accessible.
Is that something that you believe would work and is a good
way to address this issue as we go forward?
Mr. Knapp. We believe we have started the process with our
rulemaking by outlining the ways we think that parties could
comply with CALEA. At this juncture it does not appear that
there is a technical problem in achieving CALEA compliance. I
think you have heard that there are standards out there for
compliance. We talked about third parties emerging to provide
that.
So that said, we are looking for public input on the
proposals that we have made and the issues that we have raised
before we reach final decisions.
Mr. Pickering. Some would question whether under the
definition that we have in the 1996 Act of information services
and explicitly excluding that from CALEA. Do you believe that
the FCC has the legislative authority to go forward in applying
this to broadband or to information services?
Mr. Knapp. Yes, we do believe we have the authority under
the current statute to do so. Certainly there is some
interpretation involved in the current law that, as you heard
raised from some of the Commissioners, there are concerns about
potential sustainability of that in the future legally.
But we believe that we are making the right call.
Mr. Pickering. You announced your NPRM 2 weeks ago?
Mr. Knapp. August 4.
Mr. Pickering. August 4. The Solicitor General last week
agreed to appeal the California decision on how cable broadband
would be defined this week?
Mr. Knapp. End of last week.
Mr. Pickering. Was there an agreement between Justice, the
FBI, and the FCC to do so?
Mr. Knapp. No, there was not.
Mr. Pickering. Was there any discussion to do so?
Mr. Knapp. No, there was not. Certainly we were aware that
it was important to the Department of Justice and FBI as to the
Commission's reaction to the petition that was submitted.
Mr. Pickering. Mr. Thomas, Ms. Parsky, was there any
communication between the FCC and the FBI and Justice
Department concerning the Solicitor General's appeal of the
Ninth Circuit Court of Appeals decision?
Ms. Parsky. The Department of Justice has many components.
The Solicitor General's office is in the Department of Justice,
as are the Criminal Division and FBI. We in the Criminal
Division and the FBI are concerned with CALEA and with the
provisions of CALEA and with protecting law enforcement's
equities in CALEA.
So to the extent that our concerns could in any way come
into play, that is something that we obviously would be
consulting within the Department of Justice on, and we did. And
so it was something that we weighed in on, but it was more to
the extent that we were looking to make sure that if there were
any possible implications on CALEA, that we looked at those.
Mr. Pickering. Mr. Thomas?
Mr. Thomas. Basically I think Laura said it properly. We
expressed our concerns regarding any impact of either proposed
legislation or a court ruling on our ability to implement
CALEA, but there was no discussion about a quid pro quo or
anything like that.
Mr. Pickering. Do you find the timing just coincidental?
Ms. Parsky. The timing was up to the FCC.
Mr. Knapp. We have had the CALEA issue on the front burner
for many months, from the time that the petition was filed, and
we were committed to moving that forward as quickly as we
could.
Mr. Pickering. I am not saying that there is necessarily
anything wrong with reaching an agreement between the Justice
Department and the FBI and the FCC as to an appeal or not an
appeal and how does that affect the legal position of the
administration and telecom policy and trying to coordinate
policy objectives to stimulate both innovation and investment
while at the same time meeting public safety and enforcement
needs.
So I am not saying that this is anything inherently wrong,
you know. I just think that we should be transparent about it.
Mr. Chairman, with that I yield back.
Mr. Cox [presiding]. The gentleman's time has expired, and
the hearing is now at a merciful conclusion.
Mr. Dempsey, Dr. Green, Mr. Baker, Mr. Knapp, Mr. Thomas,
Ms. Parsky, thank you very much for your testimony, for your
assistance in our deliberations on these issues.
The hearing is adjourned.
[Whereupon, at 1:17 p.m., the hearing was adjourned.]
�