FCC Releases CALEA Order

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

Please excuse the cross-posts.  However, I thought that many of you would be interested in the information below 
because of the relationship to security and law enforcement investigations.
 
Rodney Petersen
Security Task Force Coordinator, EDUCAUSE
 

  _____  



September 29, 2005 

 

EDUCAUSE Members and Partners,  
 

On September 23, the Federal Communications Commission released an Order and Further Notice of Public Rule Making 
applying for the first time the Communications Assistance for Law Enforcement Act (CALEA) to facilities-based broadband 
Internet access providers, including higher education institutions, K-12 schools, libraries, and interconnected Voice 
over Internet Protocol (VoIP) service providers. The Order requires these entities to facilitate lawful requests for 
surveillance of specific communications on their data networks through a combination of new equipment, trained 
personnel, policies, and procedures, to be in place within 18 months of the filing of the ruling in the Federal 
Register. This would impose substantial new costs on the institutions involved.  (The old CALEA rules applied to 
telephone companies and focused on modifications in telephone equipment to assist with lawful surveillance of telephone 
calls.) 

Note that institutions of higher education have always provided prompt assistance in response to lawful requests for 
surveillance of both voice and data communications in the past, and they will continue to do so in the future. A 
significant issue here is one of cost effectiveness. It is not cost effective, nor in the public interest, to overhaul 
the networks of all institutions just in case a lawful surveillance may be required in the future at one of them. And, 
there are effective alternative solutions to the problem that do not impose such a substantial burden of cost to the 
community.

While requiring compliance of all institutions in 18 months, this FCC order also seeks to identify procedures through 
which exemptions from some of the CALEA requirements might be granted to certain types of organizations in the future. 
The FCC also proposes to issue another order in the future to discuss the exact nature of the CALEA capabilities for 
Internet access, appropriate compliance extensions, the absence of cost recovery, and how enforcement will be 
addressed. 

EDUCAUSE Response (To Date) 
In response to the initial Notice of Public Rule Making on this issue last year, EDUCAUSE organized a coalition 
representing higher education, K-12 schools, and public libraries, and hired Al Gidari, a noted legal expert on CALEA. 
The coalition filed comments arguing that CALEA does not cover Internet access, but if the FCC extended it to do so, 
asking for an exemption from CALEA because it is not in the public interest to require that every college, school, and 
library redesign their networks just in case a lawful request for surveillance may arise in the future. (There have 
been very few such requests in the past.) We argued that requiring full compliance with the proposed new rules would 
impose an unreasonable financial burden, increasing the costs of education and impacting innovation, with no guarantee 
of better security for our nation. (See our formal comments at http://www.educause.edu/ir/library/pdf/EPO0420.pdf 
<http://www.educause.edu/ir/library/pdf/EPO0420.pdf> )

The FCC listened to our arguments and asked our coalition to try to reach an agreement with the Department of Justice. 
We currently have a proposal before the DOJ that better meets the requirements of law enforcement, but at a lower cost 
and administrative burden to our community. 

CALEA Timeline and Next Steps 
The new FCC CALEA ruling will go into effect when published in the Federal Register, which is expected within the next 
two weeks. After that, our institutions will have 18 months to comply with the Order, unless it is stayed by lawsuits 
or if we reach an agreement with DoJ for an exemption by the FCC. We are continuing our dialogue with the DOJ, which is 
giving our CALEA-alternative proposal serious consideration. Along with its CALEA Order, the FCC issued a Further 
Notice of Proposed Rulemaking that seeks public comment on procedures to determine whether certain classes of broadband 
providers, including providers of broadband networks for educational and research institutions, should be exempt from 
some or all of CALEA's requirements. The ruling language explicitly states that the FCC has reached no conclusions in 
their CALEA Order on whether an exemption might be warranted, and that more information is necessary before making a 
final decision. In response to this latest ruling, EDUCAUSE plans to submit further comments to the FCC regarding our 
proposed approach to any exemption. Public comments are due within 30 days of publication of the FNPRM in the Federal 
Register. (Note again, though, that the new NPRM and our discussions with DOJ do NOT exempt our institutions from the 
requirement of compliance in 18 months at this time.)

EDUCAUSE will continue to keep you abreast of any new information and our progress with the Department of Justice.  We 
welcome your comments and questions. 

Best regards, 
Mark Luker, Vice President 
EDUCAUSE 

Resources 
For more information on CALEA and EDUCAUSE's actions to date: 
EDUCAUSE Policy Program Website (scroll down to CALEA): http://www.educause.edu/policy <http://www.educause.edu/policy> 
 
EDUCAUSE Comments on CALEA (under Telecommunications): http://www.educause.edu/AdvocacyLibrary/1297  
<http://www.educause.edu/AdvocacyLibrary/1297 >  
FCC's CALEA Order and Related NPRM (released 9/23/05): http://www.fcc.gov/ <http://www.fcc.gov/>