FCC Third Report and Order, on CALEA,

CC Docket No. 97-213, FCC 99-230 (Aug. 26, 1999)

       
In the Matter of:                  )
                                   )
Communications Assistance for      )  CC Docket No. 97-213
Law Enforcement Act                )
                                   )

THIRD REPORT AND ORDER

     Adopted: August 26, 1999      Released: August 31, 1999

By the Commission:

TABLE OF CONTENTS

Paragraph No.

I.    INTRODUCTION  1
II.   BACKGROUND  2
III.  DISCUSSION  12
     A. General Comments  12
          1. Scope of Proceeding  12
          2.  Definition of "Reasonably Available"  14
          3. Retrofitting Equipment under Interim Standard  32
          4. Compliance Date for Interim Standard  34
     B. Particular Capabilities of J-STD-025 Opposed by CDT, EFF, EPIC, and ACLU  37
          1. Location information  37
          2. Packet-Mode  47
     C.  DoJ/FBI Punch List  57
          1. Content of subject-initiated conference calls  58
          2. Party hold, join, drop on conference calls  68
          3. Subject-initiated dialing and signaling information  76
          4. In-band and out-of-band signaling  
          5. Timing information  90
          6. Surveillance status  97
          7. Continuity check tone  102
          8. Feature status  107
          9. Dialed digit extraction  112
     D. Disposition of J-STD-025 Modifications  124
     E. Other Technologies and Systems  130
     F. Other Matters             134
     G. Summary of Findings  138
IV.   PROCEDURAL MATTERS  139
     A. Final Regulatory Flexibility Analysis  139
     B. Paperwork Reduction Act of 1995 Analysis  157
V.    ORDERING CLAUSES  158
VI.   APPENDIX A: FINAL RULES
VII.  APPENDIX B: MANUFACTURERS' REVENUE ESTIMATES
VIII. APPENDIX C: COMMENTING PARTIES

I. INTRODUCTION

     1. In this Third Report and Order (Third R&O), the Commission adopts technical requirements for wireline, cellular, and broadband Personal Communications Services (PCS) carriers to comply with the assistance capability requirements prescribed by the Communications Assistance for Law Enforcement Act of 1994 (CALEA, or the Act). Specifically, we require that all capabilities of J-STD-025 (interim standard) and six of nine "punch list" capabilities requested by the Department of Justice (DoJ)/Federal Bureau of Investigation (FBI) be implemented by wireline, cellular, and broadband PCS carriers. While we are requiring that a packet-mode capability be implemented by such carriers, we are not at this time adopting technical requirements for packet-mode communications, but will permit packet-mode data to be delivered to law enforcement under the interim standard, discussed below, pending further study of packet-mode communications by the telecommunications industry.

II. BACKGROUND

     2. CALEA, enacted on October 25, 1994, was intended to preserve the ability of law enforcement officials to conduct electronic surveillance effectively and efficiently in the face of rapid advances in telecommunications technology. In enacting this statute, however, Congress recognized the need to protect privacy interests within the context of court- authorized electronic surveillance. Thus, in defining the terms and requirements of the Act, Congress sought to balance three important policies: "(1) to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts; (2) to protect privacy in the face of increasingly powerful and personally revealing technologies; and (3) to avoid impeding the development of new communications services and technologies."

     3. Section 103 of CALEA establishes four general "assistance capability requirements" that carriers must meet to achieve compliance with CALEA. Section 103(a) requires that a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of:

(1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government;

(2) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to access call-identifying information that is reasonably available to the carrier--

(A) before, during, or immediately after the transmission of a wire or electronic communication (or at such later time as may be acceptable to the     government); and

(B) in a manner that allows it to be associated with the communication to which it pertains,

except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices (as defined in section 3127 of title 18, United States Code), such call-identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number);

(3) delivering intercepted communications and call-identifying information to the government, pursuant to a court order or other lawful authorization, in a format such that they may be transmitted by means of equipment, facilities, or services procured by the government to a location other than the premises of the carrier; and

(4) facilitating authorized communications interceptions and access to call- identifying information unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects--

(A) the privacy and security of communications and call-identifying information not authorized to be intercepted; and

(B) information regarding the government's interception of communications and access to call-identifying information.

     4. Section 107(a)(2) of CALEA contains a "safe harbor" provision, stating that "[a] telecommunications carrier shall be found to be in compliance with the assistance capability requirements under section 103, and a manufacturer of telecommunications transmission or switching equipment or a provider of telecommunications support services shall be found to be in compliance with section 106, if the carrier, manufacturer, or support service provider is in compliance with publicly available technical requirements or standards adopted by an industry association or standard- setting organization, or by the Commission under subsection (b), to meet the requirements of section 103." Section 107(b) authorizes the Commission, upon petition, to establish rules, technical requirements or standards necessary for implementing section 103 "[i]f industry associations or standard-setting organizations fail to issue technical requirements or standards or if a Government agency or any other person believes that such requirements or standards are deficient."

      5. Subcommittee TR45.2 of the Telecommunications Industry Association (TIA) developed the interim standard to serve as a "safe harbor" for wireline, cellular, and broadband PCS carriers and manufacturers under section 107(a) of CALEA. That standard defines services and features required by wireline, cellular, and broadband PCS carriers to support lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information to a law enforcement agency (LEA). Several parties filed petitions for rulemaking with the Commission, pursuant to section 107(b) of CALEA, contending that the interim standard was either overinclusive or underinclusive. Specifically, DoJ/FBI argue that the interim standard is underinclusive and does not satisfy CALEA requirements because it fails to include the following nine essential capabilities:

1) Content of subject-initiated conference calls -- Capability would enable law enforcement to access the content of conference calls supported by the subject's service (including the call content of parties on hold).

2) Party hold, join, drop -- Messages would be sent to law enforcement that identify the active parties of a call. Specifically, on a conference call, these messages would indicate whether a party is on hold, has joined or has been dropped from the conference call.

3) Subject-initiated dialing and signaling information -- Capability would provide a LEA access to all dialing and signaling information available from the subject would inform law enforcement of a subject's use of features (such as the use of flash-hook and other feature keys).

4) In-band and out-of-band signaling (notification message) -- A message would be sent to a LEA whenever a subject's service sends a tone or other network message to the subject or associate (e.g., notification that a line is ringing or busy).

5) Timing information -- Information necessary to correlate call-identifying information with the call content of a communications interception would be sent to a LEA.

6) Surveillance status -- A message that would verify that an interception is still functioning on the appropriate subject would be sent to a LEA.

7) Continuity check tone (c-tone) -- An electronic signal would alert a LEA if the facility used for delivery of call content interception has failed or lost continuity.

8) Feature status -- A message would affirmatively notify a LEA of any changes in features to which a subject subscribes.

9) Dialed digit extraction -- Information sent to a LEA would include those digits dialed by a subject after the initial call setup is completed.

     6. The Center for Democracy and Technology (CDT), Electronic Frontier Foundation (EFF), Electronic Privacy Information Center (EPIC), and American Civil Liberties Union (ACLU) argue that the interim standard is overinclusive because it includes location information and packet- mode communications capabilities. Specifically, the interim standard includes a location parameter that would identify the location of a subject's "mobile terminal" whenever this information is reasonably available at the intercept access point and its delivery to law enforcement is legally authorized. Location information would be available to the LEA irrespective of whether a call content channel (CCC) or a call data channel (CDC) was employed. The interim standard also provides for LEA access to call-identifying information and the interception of wire and electronic telecommunications, regardless of whether the telecommunications are carried in circuit-mode or in packet-mode. The interim standard further states that the "call-identifying information associated with the circuit-mode content surveillance is provided on the [call data channel]," but does not specifically address whether call-identifying information, if any, associated with packet-mode surveillance must be provided over a call data channel.

     7. The Commission released a Further Notice of Proposed Rule Making (Further NPRM) in this proceeding to address alleged deficiencies in the interim standard. In the Further NPRM, we stated that we did not intend to reexamine any of the uncontested technical requirements of the interim standard, but would make determinations only regarding whether the 11 disputed capabilities met the assistance capability requirements specified in section 103 of CALEA.

     8. The Further NPRM tentatively concluded that the provision by carriers to LEAs of location information and five punch list capabilities is necessary to meet the assistance capability requirements under section 103(a). Those five punch list capabilities are subject-initiated conference calls; party hold, join, drop on conference calls; subject-initiated dialing and signaling information; and timing information. The Further NPRM also sought comment on whether the dialed digit extraction (post-cut-through digits) capability is necessary to meet the assistance capability requirements under Section 103(a). The Further NPRM also tentatively concluded that three punch list capabilities--surveillance status, continuity check tone and feature status--were not assistance capability requirements under Section 103(a).

     9. We emphasized in the Further NPRM that we were directed, pursuant to section 107(b) of CALEA, to take into account five factors in our analysis of deficiency petitions brought to our attention. Those factors are: (1) meeting the assistance capability requirements of section 103 by cost-effective methods; (2) protecting the privacy and security of communications not authorized to be intercepted; (3) minimizing the cost of CALEA compliance on residential ratepayers; (4) serving the policy of the United States to encourage the provision of new technologies and services to the public; and, (5) providing a reasonable time and conditions for CALEA compliance.

     10. We also tentatively concluded in the Further NPRM that, if the additional technical requirements we proposed were adopted, they could be most efficiently implemented by permitting TIA to modify J-STD-025 in accord with our determinations. We stated that although TIA may have to undertake additional work to implement the additional technical requirements identified in the Further Notice, it has the experience and resources to develop technical specifications and implement CALEA's requirements most rapidly.

     11. Finally, we sought comment in the Further NPRM on what role, if any, we can or should play in assisting telecommunications carriers other than wireline, cellular, and broadband PCS to set standards for, or to achieve compliance with, CALEA's requirements.

III. DISCUSSION

A. General Comments

1. Scope of Proceeding

     12. We stated in the Further NPRM that the uncontested technical requirements of the interim standard are beyond the scope of this proceeding. EPIC, EFF, and ACLU, challenge this tentative conclusion. They argue that our decision to foreclose comment on "uncontested" issues improperly insulates the interim industry standard from public scrutiny, is inconsistent with the requirements of the Administrative Procedure Act, and undermines the value of our authority over the process that led to the standard.

     13. Discussion. We find no need to reexamine the entire interim standard. CALEA provides that the Commission establish technical requirements or standards upon being petitioned by a government agency or other person, where industry fails to issue technical requirements or standards or such government agency or person believes the technical requirements or standards are deficient. As discussed in the Further NPRM, a draft industry standard was submitted for balloting in spring 1997 to all interested participants under procedures of the American National Standards Institute. Subsequently, petitions for rulemaking were filed with the Commission, pursuant to section 107(b), contending that the interim standard was deficient; however, none of these petitions raised any issue pertaining to the interim standard other than those relating to location information, packet-mode communications, and the DoJ/FBI punch list. Further, on April 20, 1998, our Wireless Telecommunications Bureau and Office of Engineering and Technology issued a Public Notice in this proceeding that solicited specific comment on the scope of the assistance capability requirements necessary to satisfy the obligations imposed by CALEA. Again, no deficiencies in the interim standard were identified other than with respect to location information, packet-mode communications, and the punch list. We find that no other issues were raised before the Commission regarding the interim standard. Since section 107(b) requires the Commission to resolve specific disputes raised by petition regarding alleged deficiencies in the industry standard, we decline to consider other aspects of that standard not challenged in this proceeding. Moreover, by focusing only on those specific technical issues properly raised before us, we will achieve greater efficiency and will permit telecommunications manufacturers and carriers to deploy CALEA solutions on a more expedited basis. Accordingly, we find that wireline, cellular, and broadband PCS carriers must comply with all uncontested requirements of the interim industry standard by June 30, 2000.

2. Definition of "Reasonably Available"

Call-identifying information is reasonably available if (1) it is present in an element in the carrier's network that is used to provide the subscriber with the ability to originate, terminate, or direct communications and (2) it can be accessed there, or can be delivered to an IAP located elsewhere, without unreasonably affecting the call processing capabilities of the network.

3. Retrofitting Equipment under Interim Standard

4. Compliance Date for Interim Standard

     34. AirTouch Communications, Inc. (AirTouch); BellSouth Corporation, Inc., BellSouth Telecommunications, Inc., BellSouth Cellular Corp., BellSouth Personal Communications, Inc., and BellSouth Wireless Data, L,P. (BellSouth); and SBC Communications, Inc. (SBC) question whether the current June 30, 2000 deadline for implementation of the core requirements of the interim standard is achievable. AirTouch states that we should acknowledge in this Third R&O that additional extensions may be necessary; BellSouth states that only one of its vendors has promised to meet the current deadline; and SBC states that the delivery schedule contemplated by its vendors will not allow for the extensive testing required to ensure that its deployment is in compliance with the interim standard, nor does this schedule allow a sufficient period for deployment across SBC's entire network.

     35. Discussion. We see no reason at this time to extend, on an industry wide basis, the June 30, 2000 deadline for compliance with CALEA's section 103 capability requirements that are covered by the interim standard. We observe that the deadline specified in the Act was October 25, 1998; thus, we have already extended the original deadline by more than 20 months. In our Extension Order, we stated:

[W]e will require carriers to have installed CALEA-compliant equipment and facilities based on the core J-STD-025 standard by June 30, 2000. This is a firm deadline. If this standard is ultimately modified and new capabilities or features are added to the core standard in the section 107(b) rulemaking, we will consider establishing a separate deadline for upgrading carrier equipment and facilities to comply with those capabilities or features in that proceeding pursuant to our authority under section 107(b)(5). This approach provides certainty to the telecommunications industry in developing and installing CALEA-compliant solutions, and recognizes the interests of law enforcement in providing effective public safety. It also seeks to allow carriers to implement a CALEA-compliant solution sooner, rather than later, while providing the flexibility to design modifications to the core J-STD-025 standard that can be installed in carrier equipment and facilities in subsequent upgrades, if any such modifications are adopted in the section 107(b) rulemaking proceeding.

     36. Therefore, carriers and manufacturers have been on notice since the September 1998 Extension Order that we considered June 30, 2000 a "firm" deadline for the section 103 capability requirements covered by the J-STD-025. Additionally, as discussed in paragraph 129, infra, we find the record justifies the establishment of a separate later deadline for the additional capabilities that we are herein mandating for wireline, cellular, and broadband PCS carriers. We also note that DoJ/FBI is currently negotiating with carriers regarding areas where wiretaps are infrequent, and these carriers may be permitted to postpone CALEA compliance in those areas. Accordingly, we understand that DoJ/FBI and/or the affected carriers may seek an extension under section 107(c) of CALEA of the June 30, 2000 deadline in conformance with such agreements. We therefore will await receipt of such requests before deciding on a new deadline for the affected carriers. We expect that along with such requests, DoJ/FBI will submit a list of the affected carriers and the terms of such extensions so that we may place such information on Public Notice for comment.

B. Particular Capabilities of J-STD-025 Opposed by CDT, EFF, EPIC, and ACLU

1. Location Information

     37. Background. J-STD-025 includes a "location" parameter that would identify the location of a subject's "mobile terminal" whenever this information is reasonably available at the intercept access point and its delivery to law enforcement is legally authorized. Location information would be available to the LEA irrespective of whether a call content channel or a call data channel was employed.

     38. The Further NPRM tentatively concluded that location information falls under the definition of call-identifying information set forth in section 102(2) of CALEA because location information identifies the origin or destination of a communication. Therefore, the Further NPRM proposed that where location information is reasonably available to a carrier, provision of that information to LEAs is necessary to meet the mandates of section 103. The Further NPRM also proposed that location information necessary to meet section 103 would include only the subject's cell site location at the beginning and termination of a call. Finally, the Further NPRM tentatively concluded that for a LEA to obtain location information that cannot be determined from the telephone number, the LEA must have an authorization different from the minimal authorization necessary for use of pen registers and trap and trace devices.

     39. Comments. CDT states that our tentative decision to require carriers to design a location capability into wireless phones cannot be supported by the plain words of CALEA and, further, directly contradicts the Act's legislative history, which states that location information is not a CALEA mandate. CDT contends that the words "origin" and "destination" have obvious meanings apart from location, and that interpreting those terms to also mean cell site location violates a fundamental rule of statutory interpretation -- that each word in a statute should be given a single and unique meaning. Also, CDT contends that the location of wireless phones is more personally revealing than the location of wireline phones because when a call is made on a wireless phone it almost always is made by the individual subscriber.

     40. EPIC, EFF, and ACLU generally agree with CDT, arguing that CALEA contains no provisions expressly including location tracking data within the definition of call-identifying information. EPIC, EFF, and ACLU also contend that the interim standard is internally inconsistent because it proposes to require carriers to provide location tracking data at the beginning and end of calls as part of their duty to provide information regarding the "origin" and "destination" of particular communications, but the definition of those terms in the interim standard does not pertain to physical location.

     41. US West states that the location information capability in the interim standard is not call-identifying information under section 103(a). US West argues that CALEA's definition of call- identifying information requires carriers to provide LEAs with telephone numbers, not other characteristics of calls. US West maintains that while a LEA generally is able to derive a target's physical location from a telephone number for most wireline calls, that ability is incidental and should not be read as an underlying mandate of CALEA.

     42. DoJ/FBI argue that location information is call-identifying and state that, irrespective of whether we modify the definition of "reasonable availability" as they propose, there is no need for us to interpret or construe this term differently in connection with location information than in connection with the other kinds of call-identifying information at issue in this proceeding. DoJ/FBI state that they agree that the interim standard requires only that cell site location at the beginning and end of a call be provided, and maintain that CALEA embodies a compromise regarding location information: When a LEA is proceeding "solely pursuant to the authority for pen registers and trap and trace devices," carriers are not to treat location information as call-identifying information, but when a LEA has been duly authorized to acquire location information under other electronic surveillance statutes, location information remains part of call-identifying information. DoJ/FBI contend that the interim standard is consistent with this intent, while CDT's position is not. DoJ/FBI state that it is not the case, as CDT suggests, that the Commission's reading of "origin" and "destination" gives those terms different meanings for wireless and wireline communications. DoJ/FBI contend that those terms encompass location both in the wireless and wireline settings, but that in the case of wireline communications the fixed location of the subscriber's terminal means that the telephone number of the terminal identifies the location of the call, and so no separate location information is required.

     43. The New York City Police Department (NYPD) argues that any location information that is used and/or is available within a carrier's network for the purpose of providing overall service and/or processing of individual calls should be considered by us to be reasonably available to the carrier in the case of location of wireless devices. However, NYPD expresses concern about our proposal to adopt cell site location rather than a more precise location for the subject's mobile terminal. NYPD contends that such a broad definition could limit the scope of existing electronic surveillance authority. For example, NYPD states that in criminal cases where triangulation techniques that allow location to be determined with exactitude have been authorized by a court, carriers might be reluctant to assist a LEA to determine a more precise location than a cell site.

     44. Discussion. We find that a subject's cell site location at the beginning and end of a call is call-identifying information under CALEA. The Act states that call-identifying information is "dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier." We find, contrary to the position of CDT and EPIC/EFF/ACLU, that a subject's cell site location at the beginning and end of a call identifies the "origin" or "destination" of a communication and thus is covered by CALEA. With respect to CALEA's express statement that "with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices (as defined in section 3127 of title 18, United States Code), . . . call-identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number)," we agree with DoJ/FBI that this provision does not exclude location information from the category of "call-identifying information," but simply imposes upon law enforcement an authorization requirement different from that minimally necessary for use of pen registers and trap and trace devices.

     45. Additionally, we find that location information is reasonably available to cellular and broadband PCS carriers. We observe that this capability was developed by industry and is included in the interim standard. Further, as we observed in the Further NPRM, in the wireline environment LEAs have generally been able to obtain location information routinely from the telephone number because the telephone number usually corresponds with location. With the telephone number, location information is available from a LEA's own 911/Enhanced 911 (E911) database or from the telephone company's electronic records, such as the Loop Maintenance Operating System (LMOS). We also note that the equivalent location information in the wireless (cellular or broadband PCS) environment appears to be the location of the cell sites to which the mobile terminal or handset is connected at the beginning and at the termination of the call. Provision of this particular location information does not appear to expand or diminish law enforcement's surveillance authority under prior law applicable to the wireline environment.

     46. We will not, however, mandate a location tracking capability in this proceeding. While NYPD believes that a capability that identifies location more precisely would be useful to LEAs, we are concerned that such a capability poses difficulties that could undermine individual privacy. We believe that a more generalized capability that will identify only the location of a cell site, and only at the beginning and termination of the call, will give LEAs adequate information. We note, however, that our decision herein does not preclude LEAs from requesting legal authority to acquire more specific location information in particular circumstances. Accordingly, as has been agreed to by both DoJ/FBI and the telecommunications industry, we mandate a location capability that will identify cell site location at the beginning and termination of a call. As proposed in the Further NPRM, we require that this capability be deployed by carriers by the June 30, 2000 CALEA compliance deadline, unless carriers have obtained an extension.

2. Packet-Mode

     47. Background. J-STD-025 provides for LEA access to call-identifying information and the interception of wire and electronic telecommunications, regardless of whether the telecommunications are carried in circuit-mode or in packet-mode. It further states that the "call- identifying information associated with the circuit-mode content surveillance is provided on the [call data channel]," but does not specifically address whether call-identifying information, if any, associated with packet-mode surveillance must be provided over a call data channel.

     48. The Further NPRM noted that packet data and packet-switching technology are potentially usable for both information services and telecommunications services, but that such technology is subject to CALEA requirements only to the extent it is used to provide telecommunications services, and not for information services. The Further NPRM also noted that privacy concerns could be implicated if carriers were to give to LEAs packets containing both call- identifying and call content information when only the former was authorized. The Further NPRM tentatively concluded that the record is not sufficiently developed to support any particular technical requirements for packet-mode communications, and therefore did not propose technical requirements for such communications. However, the Further NPRM sought comment on a wide range of issues to develop a sufficient record.

     49. Comments. EFF, EPIC, and ACLU state that our cautious approach regarding packet- mode communications is correct, and that it is critical that we adequately protect the privacy of communications carried on packet-mode systems. They state that the interim standard's requirement to deliver the entire packet data stream associated with a given communication violates the privacy provisions of section 103. Therefore, according to EFF, EPIC, and ACLU, until carriers are able to protect the privacy of communications carried over packet-mode systems, we should refrain from adopting capability requirements for such systems.

     50. CDT states that carriers using packet technologies have an obligation under CALEA to protect privacy by distinguishing between call content and call-identifying information, so that a LEA does not intercept the former when it has only the narrower authority for the latter. CDT contends that DoJ/FBI acknowledge that protecting privacy by distinguishing between call content and call-identifying information is technically trivial, but states that DoJ/FBI believe there is no obligation on carriers to protect privacy. CDT states that we should not wait until packet technologies are more fully deployed to clarify that carriers have an obligation to protect individual privacy.

     51. AT&T supports our tentative conclusion that packet-mode technologies may require differing CALEA solutions. AT&T states that it believes that if we defer setting packet-mode communications standards in this proceeding, industry associations will take up the issue on their own.

     52. TIA states that the telecommunications network is rapidly evolving toward a packet- based architecture. TIA cautions that the Commission not stifle the continued development of packet-mode technologies by imposing a solution that could require the redesign (or even abandonment) of certain technologies. TIA recommends that we consider establishing a separate packet-mode standard-setting effort within it.

     53. US West argues that risks to advanced services and the Internet support the deferral of any CALEA requirements on packet networks, at least until CALEA can be implemented without inhibiting the development of advanced telecommunications services. It further states that because many packet-mode communications will avoid the circuit-switched network altogether, carriers and manufacturers will have to develop and install CALEA solutions for different network elements from those used in circuit-switched networks. Additionally, US West asserts that separating the header from content in packet-mode communications is not feasible because packet data is delivered in a layered stack structure, and carriers have neither the ability nor any business reason to monitor packet data streams and then decipher the various protocols.

     54. DoJ/FBI argue that the interim standard's treatment of packet-mode communications in pen register cases does not conflict with anything in CALEA, and hence that standard is not deficient in this regard. DoJ/FBI state that, as a technical matter, it is perfectly feasible for a LEA to employ equipment that distinguishes between a packet's header and its communications payload and makes only the relevant header information available for recording or decoding. DoJ/FBI further state that the statutory distinction between telecommunications carriers and providers of information services does not correspond to any distinction between packet-mode and circuit-mode communications; therefore, the use of packet-mode protocols does not turn the transmission of a wire or electronic communication by a telecommunications carrier into the provision of information services.

     55. Discussion. We find that the approach taken with regard to packet-mode communications in J-STD-025 raises significant technical and privacy concerns. Under this standard, LEAs would be provided with both call-identifying information and call content even in cases where a LEA is authorized only to receive call-identifying information (i.e., under a pen register). We are aware that packet-mode technology is rapidly changing, and that different technologies may require differing CALEA solutions for separating call-identifying information from call content. We also recognize that we must avoid implementing CALEA requirements that could impede the development of new technologies. We do not believe that the record sufficiently addresses packet technologies and the problems that they may present for CALEA purposes. For example, some packet technologies (e.g., frame relay, ATM, X.25) are connection oriented--i.e., there are call set-up and take-down processes, similar to those used in circuit switched voice networks, whereby addressing information is made available to the carrier separate from and before call content is transmitted. Other packet technologies (e.g., internet protocol based solutions) would not be processed this way. We believe that further efforts can be made to find ways to better protect privacy by providing law enforcement only with the information to which it is lawfully entitled. We note that TIA recommends further study of this matter. Accordingly, we invite TIA to study CALEA solutions for packet-mode technology and report to the Commission in one year on steps that can be taken, including particular amendments to J-STD-025, that will better address privacy concerns. In the interim, we find that packet-mode communications, including call-identifying information and call content, may be delivered to law enforcement under the interim standard. Further, we are herein requiring that packet-mode communications be delivered to LEAs under that standard no later than September 30, 2001. That date is 15 months after the June 30, 2000 CALEA compliance deadline, and will afford manufacturers that have not yet developed a packet-mode capability the time needed to do so.

     56. We recognize that the solution we have crafted above is not perfect because a LEA may receive both call identifying information and call content under a pen register. We note, however, that independent legal barriers exist which will protect, to a certain extent, the privacy rights of individuals until a permanent solution is developed. In particular, under this interim arrangement the LEA will be legally prohibited from using any content information in a court proceeding if it has only a pen register or trap and trace authorization. We find, therefore, that in weighing the factors identified under section 107(b) of CALEA--that is, in particular, (1) to meet the assistance capability requirements of section 103 by cost effective methods, (2) to protect the privacy and security of communications not authorized to be intercepted, and (3) to encourage the provision of new technologies and services to the public --we believe that the above solution provides the most suitable temporary remedy available at this time. We emphasize, however, that we intend this solution to be only an interim one. We recognize that, in view of the growing importance of packet-mode communications, a timely permanent solution is essential. Accordingly, we expect that TIA will deliver a report to us no later than September 30, 2000 that will detail a permanent solution, keeping in mind the objectives underlying CALEA which are described in paragraph 2, supra.

C. DoJ/FBI Punch List

     57. Section 103(a)(1) of CALEA authorizes telecommunications carriers to provide to LEAs call content information, pursuant to a court order or other lawful authorization; and section 103(a)(2) of CALEA authorizes telecommunications carriers to provide to LEAs call- identifying information, pursuant to a court order or other lawful authorization. Call-identifying information, however, must be provided only if it is reasonably available to the carrier. The Further NPRM tentatively concluded that the provision by carriers to LEAs of the content of subject-initiated conference calls is authorized by section 103(a)(1); and that party hold, join, drop on conference calls, subject-initiated dialing and signaling information, timing information, and dialed digit extraction constitute call-identifying information under section 102(2) of CALEA and therefore must be provided, where reasonably available, under section 103(a)(2).

1. Content of subject-initiated conference calls

     58. Background. This capability would permit the LEA to monitor the content of conversations connected via a conference call set up by the facilities under surveillance. Surveillance of all portions of a conference call would continue, even if any party to the call utilized services such as hold, call waiting, or three-way calling. For example, if anyone involved in a conference call were placed on hold, all remaining conversations would continue to be available to the LEA for monitoring. The ability to monitor would continue even after the subject drops off the conference call.

     59. The Further NPRM tentatively concluded that the provision to LEAs of the content of subject-initiated conference calls is a technical requirement that meets the assistance capability requirements of section 103(a) of CALEA.       The Further NPRM also sought comment as to how the Commission should define or interpret section 103's use of the phrase "equipment, facilities, or services" in the context of subscriber-initiated conference calls. The five manufacturers' aggregate revenue estimate for this capability is $37 million.

     60. Comments. TIA states that the interim standard already provides LEAs access to the content of most conference calls. TIA contends that access is not provided in only a few situations in which the subject's terminal equipment is not connected to the call. TIA further contends that while providing this capability to LEAs is technically feasible, it would require a large redeployment effort by most manufacturers -- particularly with respect to provisioning a separate call content channel to monitor the conversations of any parties on hold.

     61. Bell Atlantic argues that providing the conference calling feature as proposed would give LEAs an expanded capability. Bell Atlantic states that while multi-party calling services and conference calling have been available for many years, LEAs have not had the ability to monitor all parties to a multiparty conference call after the subject of the surveillance has left the call or has put the call on hold. EPIC, EFF, and ACLU agree that our proposal would permit expanded access to conversations of participants in subject-initiated conference calls, and they contend that this expansion would be inconsistent with statutory and constitutional limitations because it would expand the facilities doctrine of Title III of the Omnibus Crime Control and Safe Streets Act of 1968, as modified by the Electronic Communications Privacy Act of 1986. EPIC, EFF, and ACLU state that a LEA with authority to monitor only the subject's facilities should not be permitted to trace conversations on network resources once the subscriber disconnects.

     62. AT&T states that not all conference calls are subscriber-based. It maintains that on- demand services such as "Meet Me" conference calling, in which the carrier or a third party provider makes a conference bridge available to anyone, are not covered by CALEA because there is no subscriber. Ameritech agrees, stating that conference bridging services must be excluded because they are not "equipment, facilities, or services of a subscriber." Ameritech contends that such services do not permit carriers to know when conference calls will occur and which telecommunications providers will be used to establish the calls.

     63. DoJ/FBI contend that the proposed conference calling capability is consistent with CALEA. They maintain that when a subscriber's service supports the ability of other participants in a conference call to continue to speak to one another when the subscriber places them on hold or hangs up, the conversations of these other participants constitute "communications" to or from the subscriber's "equipment, facilities, or services," and therefore come within the scope of section 103(a)(1). DoJ/FBI also assert that call hold is similar to call forwarding, which the legislative history of the Act makes clear was one of the principal features that Congress intended to reach when it enacted CALEA. DoJ/FBI state that the facilities of callers who have been placed on hold are supported by the subscriber's conference calling service even if the communication is no longer routed through the subscriber's switch to his terminal equipment. DoJ/FBI further argue that commenters' arguments that meet-me conference services are outside the scope of a carrier's obligations under section 103 is repudiated by the interim standard. DoJ/FBI state that a party that contracts for meet- me conference service is no less a subscriber than a party that arranges for conventional conference calling service. Finally, DoJ/FBI contend that in no case would a LEA need to use more than two call content channels to monitor a conference call because DoJ/FBI are not seeking separated delivery of each leg of a held call on a different call content channel.

     64. Discussion. We find that, under certain circumstances discussed below, the provision of the content of subject-initiated conference calls is a technical requirement that meets the assistance capability requirements of section 103. Under these circumstances, with appropriate lawful authorization, the LEA is entitled to "intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber."

     65. As we stated in the Further NPRM, we recognize that different carriers provide conference calling features in various ways and that not all carriers' system architectures are the same. Conference calling features include various types of multi-party calls, such as three-way calling where a bridge is established in the subscriber's serving switch, as well as "meet me" or conference bridge services where a bridge is established at a remote switch of another carrier. Some of these services are available as a standard subscriber option from a customer's presubscribed carrier, while others are available on a demand basis from multiple carriers. Some systems are designed, for example, to allow a conference call that is initiated by the subject to continue among other parties on the call even after the subject drops off the call, either by putting the call on hold or terminating the connection; other systems do not offer this feature. When a system is designed to allow the conference call to continue, we conclude that carriers must provide the content of the call under the following circumstances.

     66. Clearly, a LEA, pursuant to a court order or other lawful authorization, is entitled to the content of the conference call when the subject's facilities initiate the call and are being used to participate in the call. In this case, an open circuit is maintained between the subject's equipment, facilities and services and the other parties on the call. When the subject puts the conference call on hold, the subject's circuit to the conference call is maintained within the carrier's network (usually at the subscriber's serving switch), thus allowing the subject to rejoin easily the call without having to reinitiate the circuit. In this case, we find that the communication continues to or from the equipment, facility or service of the subscriber, and thus the carrier also must provide the content of the communication among the other parties to the conference call. In both cases, however, we conclude that the carrier does not have to provide access to the content of the communication between a participant of the conference call other than the subject and any person with whom that participant speaks on an alternative line; e.g., when A, the subject, is on a conference call with B and C, we conclude that C's conversations with D on call waiting do not have to be provided by the carrier. We also conclude that the anticipated costs to carriers of adding the conference call capability in these cases is not so exorbitant as to require automatic exclusion of the capability. In percentage terms, based on the manufacturers' aggregate revenue estimates, these costs would be 4% of the core interim standard and 9% of the total punch list.      

     67. We reach a different conclusion when the subject terminates his circuit connection to the conference call. In this case, the communication between other participants no longer is to or from the subscriber's equipment, facilities, and services, and may no longer even be "carried by the carrier within a service area" to or from the subscriber of the carrier, pursuant to section 103(a) and (d). This is especially true with conference bridges located in remote switches of other carriers. We conclude that it is not reasonable to require the carrier to provide at its IAP the communications of other parties continuing on the conference call after the subject terminates his circuit connection to the call because to do so would not be a cost-effective method of implementing the conference call intercept and may not protect the privacy and security of communications not authorized to be intercepted, pursuant to section 107(b). We recognize, as DoJ/FBI acknowledge, that if the subject arranges for a "meet me" conference bridge, the LEA will need a Title III order to cover the communication of the conference bridge. Under those circumstances, the carrier that provides the conference bridge should provide an IAP to the LEA.

2. Party hold, join, drop on conference calls      

     68. Background. This capability also involves features designed to aid a LEA in the interception of conference calls. This capability would permit the LEA to receive from the telecommunications carrier messages identifying the parties to a conversation at all times. The party hold message would be provided whenever one or more parties are placed on hold. The party join message would report the addition of a party to an active call or the reactivation of a held call. The party drop message would report when any party to a call is released or disconnects and the call continues with two or more other parties.

     69. The Further NPRM tentatively concluded that this capability constitutes call-identifying information and therefore must be provided by the carrier to the LEA where reasonably available. The Further NPRM noted, however, that LEA access to party hold, join, and drop information would be required only in cases where a carrier's facilities, equipment, or services are involved in providing the service; i.e., where a network signal is generated. To the extent that customer premises equipment (CPE) is used to provide this service, the Further NPRM tentatively concluded that party hold, join, and drop information could not be made reasonably available to the LEA because no network signal would be generated. The five manufacturers' aggregate revenue estimate for this capability is $64 million.

     70. Comments. AT&T states that currently carriers do not generate party join and drop messages, and argues that party hold messages are more appropriately classified as subject-initiated signaling. AT&T contends that whether a party joins or drops from a call has no bearing on the continuity of a call or the communications that may be made during the call, and that a call leg does not constitute either a call or a communication. Finally, AT&T argues that if we sustain our tentative conclusion with respect to this capability, we should simply require that industry provide for dynamic reporting of participant changes in a subscriber-initiated conference call because industry may have more efficient or effective ways than party messages to report joins and drops from the call.

     71. Bell Atlantic argues that if a carrier were to provide information that a party has been added to or disconnected from a call or has been put on hold, that would be a significant enhancement to existing or previous wiretapping capabilities, and would be beyond the scope of section 103(a)(5). Bell Atlantic also argues that the words "the origin, direction, destination, or termination" in section 102(2) have physical rather than temporal meanings, that is, they refer to places or locations in the network. Thus, information identifying the "termination" of a call would be the telephone number called, and would not include special information about when one leg of a multi-party calls ends. Finally, Bell Atlantic asserts that party hold, join, or drop information may not be reasonably available to the carrier because conference call capabilities are often provided through equipment that is external to the switch and may even belong to a service provider unrelated to the carrier.

     72. TIA states that, while this item is technically feasible, the provision of party hold, join, and drop information in the manner sought by the FBI would require considerable software coding to add additional call processing traps and new messages necessary to report the information. TIA further states that the interim standard already permits LEAs access to party join and drop information, and therefore, the only additional capability LEAs would receive under this punch list item is hold information. TIA contends, however, that such information is not always detected by the switch and even when it is detected, the switch may not have the specific identification information requested by the FBI.

     73. DoJ/FBI argue that without party hold, join, and drop information, a LEA often would not know who joins or leaves a conference call, whether the subject alternated between legs of the call, or which parties may have heard or said particular communications during the course of the call. They also contend that we should not use the instant proceeding to determine whether such information is reasonably available to particular carriers or platforms, but should frame an appropriate definition of reasonably available and leave the application of that definition to be worked out by individual carriers and LEAs on a case-by-case basis. DoJ/FBI further argue that the interim standard's Change message is not a substitute for party join information because: (1) the Change message is triggered by changes in call identities, rather than by changes in party identities, and therefore will not identify party joins if a manufacturer uses a single call identity to cover multiple legs of a call; (2) the interim standard's Release message is not a proxy for a party drop message because it does not require a carrier to send the Release message when a single call leg or call appearance is released; and (3) the industry has not suggested that the interim standard provides any message that notifies the LEA of party holds. Additionally, DoJ/FBI contend that commenters who oppose this capability err by treating a multi-party, multi-leg call as a single communication because doing so would mean that the LEA in many cases would lack proof of which party participated in a particular conversation and which parties did not. Finally, DoJ/FBI assert that the industry argument that this capability does not exist today confuses the information available to the network and the messages used to encapsulate the information and convey it to the LEA. DoJ/FBI maintain that whether particular information exists in a network is relevant to a carrier's obligations under section 103(a)(2), but that whether a particular message exists is irrelevant to the carrier's obligations.

     74. Discussion. We find that party hold/join/drop information falls within CALEA's definition of "call-identifying information" because it is "signaling information that identifies the origin, direction, destination, or termination of each communication generated or received" by the subject. Party join information appears to identify the origin of a communication; party drop, the termination of a communication; and party hold, the temporary origin, temporary termination, or re- direction of a communication. This capability also appears to be necessary to enable the LEA to isolate call-identifying and content information because, without it, the LEA would be unable to determine who is talking to whom, and, more accurately, to focus on the subject's role in the conversation. Further, by isolating the call- identifying information in this manner, the LEA can screen out third parties who are not privy to the communications involving the subject, thereby furthering privacy considerations.

     75. We further find that party hold/join/drop information is reasonably available to the carrier in those cases where the carrier's facilities, equipment or services are involved in providing the service, and that the anticipated costs to carriers of adding this capability are not so exorbitant as to require automatic exclusion of the capability. In percentage terms, based on the manufacturers' aggregate revenue estimates, these costs would be 7% of the core interim standard and 15% of the total punch list. To the extent that CPE is used to provide such features, we conclude that party hold/join/drop information is not reasonably available to the LEA since no network signal would be generated. Thus, we conclude that the provision of party hold, join, and drop information on conference calls, to the extent a network signal is generated, is a technical requirement that meets the assistance capability requirements of section 103.

3. Subject-initiated dialing and signaling information      

     76. Background. This capability would permit the LEA to be informed when a subject using the facilities under surveillance uses services such as call forwarding, call waiting, call hold, and three-way calling. DoJ/FBI requests this information for each communication initiated by the subject. This capability would require the telecommunications carrier to deliver a message to the LEA, informing the LEA that the subject has invoked a feature that would place a party on hold, transfer a call, forward a call, or add/remove a party to a call.

     77. The Further NPRM tentatively concluded that this capability fits within the definition of call-identifying information and therefore must be provided by the carrier to the LEA where reasonably available. The Further NPRM requested comment on whether remote subject-initiated dialing and signaling should affect this tentative conclusion, and noted that to the extent CPE is used to initiate dialing and signaling no information need be provided to the LEA. The five manufacturers' aggregate revenue estimate for this capability is $35 million.

     78. Comments. SBC and USTA state that subject-initiated dialing and signaling information is not call-identifying and may not be reasonably available. SBC argues that only if the subscriber action can be detected within a CALEA-equipped switch does this feature meet the standard, and it is unknown whether a signal of this nature can be incorporated into the switch by manufacturers at a reasonable cost.

     79. TIA states that subject-initiated dialing and signaling information has nothing to do with call processing, and that the interim standard generally provides all of the relevant call-identifying information. TIA contends that the only additional information the LEA would receive under this punch list item is the identity of the keys pressed by the subject to enable the feature, and most manufacturers would have to make fairly substantial modifications to their equipment to capture and report such information.

     80. BellSouth contends that subject-initiated dialing and signaling information would be redundant with the information provided by party join, hold, and drop messages. BellSouth also states that privacy concerns would be raised by this capability.

     81. DoJ/FBI contend that industry's arguments that information about a subject's use of flash hook, feature keys, and similar activity is not call- identifying are incorrect. DoJ/FBI argue that a subject's use of these feature keys changes the connections between the parties to a call, and in so doing changes the "direction" and "destination" (and in some cases "origin" or "termination") of one or more "communication[s] generated or received" by the subject. Moreover, DoJ/FBI argue that any use of feature keys or flash hooks by a subject to control a call constitutes "direction" of the communication by the subject. DoJ/FBI further argue that BellSouth's suggestion that the information a LEA would derive from a subject's dialing and signaling activity is redundant with the information it would learn from party join, hold, drop messages is incorrect because dialing and signaling may be either pre- or post-cut-through, and may be transmitted either in- or out-of-band. DoJ/FBI states that some of this activity may result in party joins, holds, or drops, but much of it will not; and that, conversely, there will be many instances in which a change in party connections does not reflect any subject-initiated dialing and signaling activity.

     82. Discussion. We conclude that subject-initiated dialing and signaling information fits within the definition of call-identifying information contained in section 102(2) of CALEA, and that the anticipated costs to carriers of adding this capability are not so exorbitant as to require automatic exclusion of the capability. In percentage terms, based on the manufacturers' aggregate revenue estimates, these costs would be 4% of the core interim standard and 8% of the total punch list. Call-forwarding signaling information identifies the direction and destination of a call, and call-waiting signaling information identifies the origin and termination of each communication. We also conclude that access to subject-initiated dialing and signaling information may be necessary in order for the LEA to isolate and correlate call- identifying and call content information. Knowing what features a subject is using will ensure that the LEA receives information "in a manner that allows it to be associated with the communication to which it pertains." For example, without knowing that a subject has switched over to a call on call-waiting, the LEA may not be able to associate the call-identifying information with the call content to which it pertains and thus could be more likely to mistake one call for another. Further, we conclude that all in-band signals generated by a subject that must be processed at the IAP (e.g., rotary dial pulse digits, on-hook, off-hook, and flashes) are reasonably available to the carrier. Dual tone multi-frequency (DTMF) signals generated by a subject that must be processed at the IAP also are reasonably available to the carrier; however, some DTMF signals generated by the subject are post-cut-through digits and are addressed separately in this order. To the extent CPE is used to perform any of the functions described here, and no network signal is generated, that information is not reasonably available to a carrier, and thus, is not required to be provided. Thus, we conclude that the provision of subject-initiated dialing and signaling information is a technical requirement that meets the assistance capability requirements of section 103.

4. In-band and out-of-band signaling

     83. Background. This technical requirement would enable a telecommunications carrier to send a notification message to the LEA when any network message (ringing, busy, call waiting signal, message light, etc.) is sent to a subject using facilities under surveillance. For example, if someone leaves a voice mail message on the subject's phone, the notification to the LEA would indicate the type of message notification sent to the subject (such as the phone's message light, audio signal, text message, etc.). For calls the subject originates, a notification message would also indicate whether the subject ended a call when the line was ringing, busy (a busy line or busy trunk), or before the network could complete the call.

     84. The Further NPRM stated that certain types of in-band and out-of-band signaling, such as notification that a voice mail message has been received, appear to constitute call-identifying information; whereas other types of in-band and out-of-band signaling may constitute call content information and thus would raise questions as to under what authority they should be provided to the LEA. The Further NPRM therefore sought comment on what types constitute a technical requirement necessary to meet the CALEA assistance capability requirements. The five manufacturers' aggregate revenue estimate for this capability is $57 million.

     85. Comments. Nextel and PCIA each state that in-band and out-of band signaling information is not call-identifying because in-band and out-of-band messages are not used to route calls, but merely inform the subject as to the status of calls made or received. Nextel states that what identifies the origin, direction, destination, or termination of a call are the numbers dialed, not any subsequent network signal that provided information about the call.

     86. TIA states that certain types of network signaling may constitute call-identifying information or call content, but most of the broad range of signals sought by the FBI are neither. TIA maintains that there are hundreds of features supported by modern switches that provide some sort of signaling within the scope of the FBI's request, and that in order to report this signaling each of these features would require software modifications, affecting the entire system architecture. TIA asserts that if we require carriers to report any such signals, we should specify which signals are covered and should clarify that carriers can provide notification only of those signals that are sent to the subject's unit and that are generated by the serving switch. SBC generally agrees with TIA, and also states that to the extent that network signaling can be audibly detected over the subject's subscriber line, they constitute call content and can be obtained only under a Title III authorization.

     87. Ameritech states that a notification that a voice mail message has been received is not call-identifying information because that type of message is associated with the provision of an information service, which we acknowledge is not part of CALEA. Nextel and US West, Inc. (US West) agree.

     88. DoJ/FBI state that, contrary to industry commenters, network signaling constitutes call-identifying information because without such signaling, a subject will be unaware that an incoming call is taking place and the calling party will never reach the subject. DoJ/FBI further state that there are many circumstances in which the interim standard's existing messages, such as the Termination Attempt message, will not provide the LEA with knowledge of the network signaling presented to the subject. Additionally, DoJ/FBI state that SBC's argument that audible network signals constitute call content is not legally supported because Title III is designed to protect communications between the parties using a telecommunications network, not signaling by the network. Finally, DoJ/FBI argue that network notification of waiting voice mail messages is covered by section 103 because when a carrier sends a network notification message to alert a subscriber that he has received a voice mail message, the carrier is not acting as an information service provider.

     89. Discussion. We conclude that some in-band and out-of-band signaling constitutes call-identifying information under section 102(2) of CALEA and that the anticipated costs to carriers of adding this capability are not so exorbitant as to require automatic exclusion of the capability. In percentage terms, based on the manufacturers' aggregate revenue estimates, these costs would be 6% of the interim core standard and 14% of the total punch list. Certain types of signals, such as ringing and busy signals, clearly fall within the scope of call-identifying information because they indicate information about the termination of a call. Other types of signals, however, may simply be used by carriers for supervision or control of certain functions and features of the network and do not trigger any audible or visual message to the subscriber and, thus, would not be call-identifying information. We thus conclude that in-band and out-of-band signals that are generated at the IAP toward the subscriber (e.g., call waiting or stutter dial tone) and that are being used for call processing purposes are call identifying information that is reasonably available to the carrier. Other signals that provide call identifying information (e.g., busy, fast busy, audible ringing tone), although generated elsewhere in the carrier's network, pass through the IAP on their way to the subject even if they are not used for call processing and can be made available without excessive modifications to the network and thus are reasonably available to the carrier. To the extent CPE is used to perform any of the functions described here, and no network signal is generated, that information is not reasonably available to a carrier and thus is not required to be provided.

5. Timing information      

     90. Background. In those cases where the LEA has obtained authorization to intercept both content and call-identifying information, this capability would require that a telecommunications carrier send call timing information to the LEA so that the LEA could associate the call-identifying information with the actual content of the call. There would be two elements to this capability:

1) Each call-identifying message (answer message, party join message, party drop message, etc.) would be time stamped within a specific amount of time from when the event triggering the message occurred. This time-stamp would allow the LEA to associate the message with the call content information (i.e., the conversation). DoJ/FBI propose that the time stamp be accurate to within 100 milliseconds.

2) A carrier would be required to send the call-identifying message to the LEA within a defined amount of time after the event to permit the LEA to associate the number dialed to the conversation. DoJ/FBI propose that the event be defined as the time the message is received at the switch's IAP, and that delivery from the IAP to the LEA's Collection Function take place within 3 seconds 99% of the time.

      91. The Further NPRM tentatively concluded that this capability is call-identifying information and therefore must be provided by the carrier to the LEA where reasonably available. The five manufacturers' aggregate revenue estimate for this capability is $20 million.

     92. Comments. Industry commenters argue that timing information is not call-identifying and is not required by CALEA. AirTouch states that a time stamp is not part of the call, does not identify the origin, direction, destination, or termination of the call, and would not have been picked up from the call on a traditional pen register or trap and trace interception. Ameritech and AT&T similarly assert that timing information is not call-identifying, and AT&T proposes that any timing requirements be message specific, taking into account the nature of the event that prompts the message and its relative importance to a LEA to know it. AT&T argues that any timing requirement should have to be met only 95% of the time. Finally, Sprint PCS states that it already provides LEAs with various types of call identifying information within 4-6 seconds of the event's occurring.

     93. TIA states that it disagrees that timing information is call-identifying, but says that it does not oppose a timing provision within the final standard. TIA asserts that while manufacturers would prefer to maintain the standard's "expeditious access" requirement, they are willing to replace that provision with a specific amount of time, as long as that time is reasonable and consistent with current system architectures. TIA proposes that such a timing requirement apply to the time between detection of the event by the interim standard's Delivery Function and the sending of the call-identifying message from the Delivery Function toward the LEA's Collection Function, and that the message be sent within eight seconds 95% of the time, and with an accuracy near 200 milliseconds.

     94. DoJ/FBI argue that the interim standard must be modified to incorporate a specific timing requirement in order to give effect to the general timing provisions of section 103(a)(2). They further argue that the timing requirements they suggest are feasible and constitute a performance standard, not a design standard; and that we are not being asked to prescribe any specific design by which the timing requirements are to be met. NYPD agrees with DoJ/FBI that the requested 3 second delivery timeframe with 99% probability and 100 millisecond accuracy for the time stamp is needed to ensure timely delivery of call-identifying information.

     95. Discussion. We will adopt a timing information requirement as an assistance capability requirement of section 103 of CALEA. First, we find that time stamping is call-identifying information as defined in section 102(2) of CALEA. This information is needed to distinguish and properly associate the call identifying information with the content of several calls occurring at approximately the same time. In other words, time stamp information is needed to identify "the origin, direction, destination, or termination" of any given call and, thus, fits within the statutory definition of section 102(2). Second, we find that delivery of call- identifying information, including time stamp information, to the LEA must, pursuant to section 103(a)(2), be provided in such a timely manner to allow that information "to be associated with the communication to which it pertains." Third, we find that the anticipated costs to carriers of adding this capability are not so exorbitant as to require automatic exclusion of the capability. In percentage terms, based on the manufacturers' aggregate revenue estimates, these costs would be 2% of the core interim standard and 5% of the total punch list. Therefore, we will include timing parameters for delivery of call-identifying information as a technical requirement necessary to meet the assistance capability requirements of section 103(a).

     96. Specifically, because we find it to be a reasonable compromise between the DoJ/FBI and TIA proposals, we will adopt the DoJ/FBI proposal that the event be defined as the time the call-identifying information is received at the IAP and TIA's proposal that this information, including a time stamp, be transmitted to the LEA's Collection Function within eight seconds 95% of the time, and that the time stamp be accurate within 200 milliseconds. We find that TIA's proposal to define the event as the time the call-identifying message is detected by the Delivery Function to be insufficient because in some circumstances this message might not be detected by the Delivery Function until well after it was received at the IAP. However, we find the DoJ/FBI proposal for delivery of the message from the IAP to the LEA's Collection function within 3 seconds 99% of the time with 100 millisecond accuracy to be overly stringent and possibly excessively costly to carriers given the various network designs used by carriers in different services applying this requirement. Accordingly, we will require that delivery of a call-identifying message be transmitted to the LEA's Collection Function within eight seconds of its receipt by the IAP 95% of the time, and with an accuracy within 200 milliseconds.

6. Surveillance status

     97. Background. This capability would require the telecommunications carrier to send information to the LEA to verify that a wiretap has been established and is still functioning correctly. This information could include the date, time, and location of the wiretap; identification of the subscriber whose facilities are under surveillance; and identification of all voice channels that are connected to the subscriber. This information would be transmitted to the LEA when the wiretap is activated, updated or deactivated, as well as periodically.

     98. The Further NPRM tentatively concluded that surveillance status messages do not fall within any provisions of section 103 and therefore should not be required for CALEA compliance. The Further NPRM tentatively concluded that such messages could be useful to LEAs, but are not required by the plain language of CALEA. The five manufacturers' aggregate revenue estimate for this capability is $37 million.

     99. Comments. Industry commenters agree that this capability is not required by CALEA. TIA states that there is no statutory basis for this requirement, and that it would be extremely difficult and costly to implement, particularly for wireless services. TIA contends that a wireless surveillance status requirement would require significant modifications to system architecture to verify electronically that every relevant mobile switch and every other piece of network equipment containing intercept-related data is operational and properly configured.      

     100. DoJ/FBI state that section 103 obligates carriers to take affirmative steps to ensure surveillance integrity, and that the interim standard excuses carriers from taking any such steps. DoJ/FBI contend that a carrier that does not take any affirmative steps to monitor the integrity of authorized electronic surveillance is not "ensuring" that its equipment, facilities, and services are capable of delivering "all communications" and all reasonably available call-identifying information that law enforcement is authorized to intercept while protecting the privacy and security of other communications and call-identifying information. DoJ/FBI further argue that TIA's argument that implementing these messages would require fundamental design of wireless networks assumes that the reporting of surveillance status messages would require a central implementation. According to DoJ/FBI, however, a wireless carrier would be free to transmit surveillance status messages directly from each network element involved in the surveillance, just as each switch will separately transmit call-identifying information and call content to law enforcement. The New Jersey State Police (NJSP) and NYPD agree with DoJ/FBI that a surveillance status message is necessary.

     101. Discussion. CALEA requires carriers to ensure that authorized wiretaps can be performed in an expeditious manner, and we believe that a surveillance status message could assist carriers and LEAs in determining the status of such wiretaps. We conclude, however, that a surveillance status message does not fall within any of the provisions of section 103. We do not believe that it is call-identifying information as defined by CALEA, since the information such a feature would provide would not identify "the origin, direction, destination, or termination of each communication." Nor does a surveillance status message appear to be required under section 103(a)(1), since it is not a wire or electronic communications carried on a carrier's system. Nor are we persuaded by the FBI's interpretation that a surveillance status message is required by CALEA's direction that a carrier "shall ensure" that its system is capable of meeting the section 103(a) requirements. Rather, we note that the Act expressly states: "a telecommunications carrier shall ensure that its equipment, facilities, or services . . . are capable of" intercepting communications and allowing LEA access to call-identifying information. We interpret the plain language of the statute to mandate compliance with the capability requirements of section 103(a), but not to require that such capability be proven or verified on a continual basis. Ensuring that a wiretap is operational can be done in either a technical or non-technical manner, and section 103(a) does not include "ensurance" itself as a capability. Thus, we conclude that the surveillance status punch list item is not an assistance capability requirement under section 103. However, we are confident that carriers and LEAs will work together to ensure that a wiretap is functioning correctly. We also note that there is nothing that would prevent carriers from providing this capability either on a voluntary basis, or with compensation from LEAs.

7. Continuity check tone

     102. Background. This technical requirement would require that, in cases where a LEA has obtained authority to intercept wire or electronic communications, a C-tone or dial tone be placed on the call content channel received by the LEA from the telecommunications carrier until a user of the facilities under surveillance initiates or receives a call. At that point, the tone would be turned off, indicating to the LEA that the target facilities were in use. This capability would permit correlation between the time a call is initiated and the time the connection is established. The C-tone would also verify that the connection between the carrier's switch and the LEA is in working order.

     103. The Further NPRM tentatively concluded that continuity check tones do not fall within any provisions of section 103 and therefore should not be required for CALEA compliance. The Further NPRM tentatively concluded that such tones could be useful to LEAs, but are not required by the plain language of CALEA. The five manufacturers' aggregate revenue estimate for this capability is $3 million.

     104. Comments. Industry commenters agree that this capability is not required by CALEA. AirTouch states that a carrier's diligent compliance with the industry standard, coupled with its observation of routine maintenance and operational standards, will adequately ensure the integrity of wiretap surveillance facilities. Bell Atlantic contends that this capability, as well as the surveillance status and feature status capabilities, would give LEAs information they have not previously had and, accordingly, these capabilities should be rejected. PCIA argues that the delivery of an automated continuity check would require carriers to install C-tone generators at the switch.

     105. DoJ/FBI reiterate the arguments they make with respect to surveillance status messages, contending that section 103 obligates carriers to take affirmative steps to ensure surveillance integrity, and that the interim standard excuses carriers from taking any such steps. DoJ/FBI also contend that PCIA's assertion that delivery of an automated continuity check tone would require carriers to install C-tone generators at the switch level is incorrect, because a C-tone is not the only form of continuity check that would be acceptable to LEAs.

     106. Discussion. As with the case of surveillance status messages, we believe that continuity tone could assist the LEA in determining the status of a wiretap, but that this technical requirement is not necessary to meet the mandates of section 103(a). Similar to our reasoning regarding surveillance status messages, we do not believe that a continuity tone falls within CALEA's definition of call-identifying information, since the information such a feature would provide would not identify "the origin, direction, destination, or termination of each communication." Nor does it appear to be required under section 103(a)(1), since it is not a wire or electronic communications carried on a carrier's system. Furthermore, as explained above, the plain language of the statute mandates compliance with the capability requirements of section 103(a), but does not require that such capability be proven or verified on a continual basis. Again, ensuring that a wiretap is operational can be done in either a technical or non- technical manner, and section 103(a) does not include "ensurance" itself as a capability. Thus, we conclude that the continuity tone punch list item is not an assistance capability requirement under section 103. As noted in paragraph 101, supra, we are confident that carriers and LEAs will work together to ensure that a wiretap is functioning correctly, and also note that there is nothing that would prevent carriers from providing this capability either on a voluntary basis, or with compensation from LEAs.

8. Feature status

     107. Background. This technical requirement would require a carrier to notify the LEA when specific subscription-based calling services are added to or deleted from the facilities under surveillance, including when the subject modifies capabilities remotely through another phone or through an operator. Examples of such services are call waiting, call hold, three-way calling, conference calling, and call return. Also, the carrier would be required to notify the LEA if the telephone number of the facilities under surveillance was changed or service was disconnected.

     108. The Further NPRM tentatively concluded that feature status messages do not fall within any provisions of section 103 and therefore should not be required for CALEA compliance. The Further NPRM tentatively concluded that such messages could be useful to LEAs, but are not required by the plain language of CALEA. The five manufacturers' aggregate revenue estimate for this capability is $40 million.

     109. Comments. Industry commenters agree that this capability is not required by CALEA. SBC contends that it is unreasonable to mandate measures that would require the wholesale redesign of a carrier's network simply to comply with a LEA's preferences regarding surveillance. SBC also contends that while it is necessary for changes in the telephone number of the facilities to be conveyed to a LEA, that need is already being met through existing administrative procedures. US West states that it has provided LEAs with expeditious access to feature status information in the past and will do so in the future. US West also contends that LEAs never before had the access that DoJ/FBI now is demanding to carriers' databases, and that DoJ/FBI's reasons for seeking this access are unconvincing. PCIA maintains that provision of a feature status message by a carrier is not feasible because a carrier may not know which features a subscriber has implemented at any particular time.

     110. DoJ/FBI reiterate the arguments they make with respect to surveillance status messages and continuity check tones, contending that section 103 obligates carriers to take affirmative steps to ensure surveillance integrity, and that the interim standard excuses carriers from taking any such steps. DoJ/FBI also contend that PCIA's assertion that carriers may not be able to provide a feature status message because they may not know which features a subscriber has implemented at any particular time is inconsistent with the way carriers' networks operate. NYPD agrees with DoJ/FBI that a feature status capability is needed by LEAs, and states that this capability is particularly necessary with respect to call forwarding and when a subject disconnects his service or changes his telephone number.

     111. Discussion. Similar to surveillance status messages and continuity tones, we believe that feature status messages could be useful to a LEA, but that provision of these messages from a carrier to a LEA is not required to meet the mandates of section 103(a). First, we believe it is clear that feature status messages do not constitute call-identifying information since the information such a feature would provide would not identify "the origin, direction, destination, or termination of each communication." Further, feature status messages do not appear to be required under section 103(a)(1) because they are not wire or electronic communications carried on a carrier's system. Rather, they would simply aid a LEA in determining how much capacity is required to implement and maintain effective electronic surveillance of a target facility, information that could be useful in assuring that an interception is fully effectuated and the intercepted material delivered as authorized. However, as noted by AT&T, the information that would be provided by feature status messages can be provided by other means, such as in response to a subpoena to the carrier. We reiterate that the plain language of the Act mandates compliance with the assistance capability requirements of section 103(a), but does not require carriers to implement any specific quality control capabilities to assist law enforcement. The information sought by DoJ/FBI in a feature status message can be provided in either a technical or non-technical manner, and section 103(a) does not include "ensurance" itself as a capability. Thus, we conclude that the feature status punch list item is not an assistance capability requirement under section 103. Similar to surveillance status messages and continuity check tones, we are confident that carriers and LEAs will work together to ensure that some form of feature status capability is provided, and also note that there is nothing that would prevent carriers from providing this capability either on a voluntary basis, or with compensation from LEAs.

9. Dialed digit extraction

     112. Background. This capability would require the telecommunications carrier to provide to the LEA on the call data channel the identity of any digits dialed by the subject after connecting to another carrier's service (also known as "post-cut-through digits"). One example of such dialing and signaling would occur when the subject dials an 800 number to access a long distance carrier. After connecting to the long distance carrier through the 800 number, the subject then dials the telephone number that represents the ultimate destination of the call.

     113. The Further NPRM tentatively concluded that the identity of post-cut-through digits representing all telephone numbers needed to route a call, for example, from the subscriber's telephone through its LEC, then through IXC and other networks, and ultimately to the intended party is call-identifying information. The Further NPRM sought comment on whether such call-identifying information is reasonably available to the carrier originating the call. The five manufacturers' aggregate revenue estimate for this capability is $121 million.

     114. Comments. EFF, EPIC, and ACLU argue that CALEA does not permit a LEA to obtain post-cut-through digits via a pen register order directed at the initial telecommunications carrier because those digits are carried on the initial carrier's call content channel, and therefore must be treated the same as other call content and not revealed to a LEA through a pen register order served on that carrier. EFF, EPIC, and ACLU maintain that information contained in the call content portion of a transmission does not qualify as call-identifying because it does not identify the "origin, direction, destination or termination" of the initial carrier's communications.

     115. PCIA and TIA each assert that post-cut-through digits are not call-identifying information and are not reasonably available to the originating carrier. TIA states that a carrier has no reason to detect dialed digits that are not used for call routing, and the manufacturers' switch designs do not contemplate their detection since they are meaningless to the switch after the call is routed. Further, TIA contends, modifying these fundamental switch designs would be extraordinarily difficult and expensive.

     116. PCIA, Ameritech, and BellSouth propose alternative ways for a LEA to obtain post-cut-through dialed digits. PCIA states that, under the interim standard, a LEA would be provided with these digits if it either serves the LEC with a Title III warrant and arranges for the provisioning of a CCC from that carrier, or serves the interexchange carrier (IXC) with a pen register warrant and arranges for the provisioning of a CDC from that carrier. PCIA states that given the availability of these alternatives, we should not expand the interim standard in a manner that conflicts with section 103. Ameritech and BellSouth propose another alternative method, which they claim would be less expensive than our proposal that would require carriers to redesign touchtone detector architectures and add detector hardware to their switches. Ameritech and BellSouth propose that a LEA obtain a pen register warrant, order a CCC from the originating carrier, and install equipment at the LEA's collection facility to extract dual tone multi frequency (DTMF) digits. According to Ameritech and BellSouth, such a practice would allow carriers to avoid the expense of both developing a digit extraction feature and keeping touchtone registers tied to a monitored call for the duration of that call.

     117. AirTouch argues that a dialed digit extraction capability would be particularly expensive for wireless carriers to implement. It cites a vendor estimate that each dialed digit extraction would cost about $1000; thus, a carrier whose switching system has the capability of conducting 200 simultaneous wiretaps would have to pay roughly $200,000 -- an amount that AirTouch maintains is comparable to the per-switch cost of the software upgrade for the entire punch list.

     118. DoJ/FBI argue that the statutory definition of call-identifying information encompasses all dialing and signaling information that identifies the destination of each communication generated or received by a subscriber regardless of whether the particular carrier from whom the information is being sought uses the information for call routing purposes; accordingly, DoJ/FBI maintain that it is irrelevant whether an originating carrier uses post-cut-through digits to route calls through the network. DoJ/FBI also contend that the argument of EFF, EPIC, and ACLU regarding a LEA's lack of authority to obtain call content channel information with only a pen register order is incorrect. DoJ/FBI state that the pen register statute authorizes LEAs to acquire all call-identifying numbers dialed or otherwise transmitted by the subject using the monitored facilities. Ideally, DoJ/FBI state, carriers would have the capability to automatically distinguish between post-cut-through digits used for call completion and those used for other purposes, but in the absence of such a capability, the carrier must deliver all post-cut-through digits to the LEA. Additionally, DoJ/FBI argue that post-cut-through digits cannot be obtained expeditiously from other carriers, and often will not be available at all; and that for a LEA to provision a CCC to extract post-cut-through tones at the LEA's collection facility would cost LEAs as much as $20 million per year. Moreover, DoJ/FBI argue that delivering the contents of a subject's post-cut-through communications to a LEA pursuant to a pen register order could pose unnecessary risks to privacy interests because innocent conversations might be heard by LEAs in the course of such surveillance.

     119. Discussion. We find that some digits dialed by a subject after connecting to a carrier other than the originating carrier are call-identifying information. While a subject may dial digits after the initial call set-up that are not call-identifying -- e.g., a bank account number to access his/her bank statement -- some digits dialed after connecting to an IXC identify the "origin, direction, destination or termination" of the communications. We also find that this call-identifying information is "reasonably available" to the originating carrier because the digits dialed by a subject after connecting to another carrier are present at an IAP and can be made available by the originating carrier without the carrier being unduly burdened with network modifications.

     120. Additionally, we note that there appears to be a consensus that LEAs should be permitted to obtain in some fashion digits dialed by the subject after connecting to another carrier's service. PCIA, Ameritech, and BellSouth have proposed alternative methods of extracting such digits, and these methods would minimize the expense to originating carriers. However, each alternative method also raises significant concerns. The first method proposed by PCIA -- a LEA serving the originating carrier with a Title III warrant and arranging for the provisioning of a CCC from that carrier -- is not feasible unless the LEA can obtain the legal authorization necessary for a Title III warrant. The burden of proof necessary for obtaining a Title III authorization is more stringent than that required for a pen register warrant, and a pen register is all that is required to obtain call-identifying information. We do not believe that CALEA contemplates changing the standard of proof in obtaining a warrant in order to avoid implementing a particular CALEA feature.

     121. The second method proposed by PCIA -- a LEA serving an IXC with a pen register warrant and arranging for the provisioning of a CDC from that carrier -- would shift the cost burden from the originating carrier to the LEA, which would not necessarily be less expensive to the public. Further, this method could be time-consuming, particularly if a caller used multiple IXCs to complete a single call, and thus would seem to defeat one of the purposes of CALEA to preserve the ability of law enforcement officials to conduct electronic surveillance effectively and efficiently in the face of rapid advances in telecommunications technology. Finally, this method would shift to the LEA responsibility for ensuring that the interception is conducted in a way that protects the privacy and security of communications not authorized for interception, and thus would effectively relieve carriers of their obligations under section 103(a)(4) of CALEA.

     122. The method proposed by Ameritech and BellSouth -- a LEA obtaining a pen register warrant, ordering a CCC from the originating carrier, and installing equipment at the LEA's collection facility to extract DTMF digits -- would again shift the cost burden from the originating carrier to the LEA and thus not necessarily effect a cost savings for the public. Additionally, this method would jeopardize privacy because the LEA would be using a CCC, and therefore would obtain call content, as well as call-identifying, information under a pen register warrant. Thus, to an even greater extent than the second method proposed by PCIA, this method would shift to the LEA responsibility for ensuring that the interception is conducted in a way that protects the privacy and security of communications not authorized for interception, and thus would relieve carriers of their obligations under section 103(a)(4).

     123. Accordingly, while we are concerned about the costs of a dialed digit extraction capability to originating carriers, as well as the privacy implications of permitting LEAs to access non-call-identifying digits (such as bank account numbers) with only a pen register warrant, we find that requiring this capability is appropriate. We find that adopting our proposal rather than one of the three alternatives suggested in the comments will best balance the directives of section 107(b) of CALEA that the capability requirements of section 103 be met by cost-effective methods and that the privacy and security of communications not authorized to be intercepted be protected. As with packet switching, the LEA will be required to minimize its search of the CDC for call-identifying information. With respect to costs, we note that the manufacturers' revenue data indicate that the cost of a dialed digit extraction capability would exceed the cost of any other punch list capability. In percentage terms, based on the manufacturers' aggregate revenue estimates, this cost would be 13% of the core interim standard and 29% of the total punch list. Based on the manufacturers' wireless revenue estimates, this cost would be 17% of the core interim standard and 26% of the total punch list. However, in balancing these costs against other statutory requirements, we do not find them to be so exorbitant as to require automatic exclusion of the capability. Further, it is unclear whether any of the alternative methods proposed would be significantly less expensive; rather, they would simply shift the cost burden from carriers to LEAs. Thus, we conclude that the provision of dialed digit extraction information by the originating carrier is a technical requirement that meets the assistance capability requirements of section 103.

D. Disposition of J-STD-025 Modifications

     124. Background. In the Further NPRM, we stated that we expected that TIA Subcommittee TR45.2 would modify the interim standard to be consistent with any additional technical requirements we adopt, and that we anticipated that the Subcommittee would complete those modifications within 180 days of release of this Third R&O. We noted that this was an ambitious schedule, but we stated that we believed it to be achievable because the Subcommittee has been examining CALEA technical standards issues for several years and the modifications to J-STD-025 are likely to be relatively limited. Finally, we stated that we would set a separate compliance deadline for those additional technical requirements.

     125. Comments. TIA endorses our conclusion that its Subcommittee TR45.2 should revise the interim standard, consistent with the requirements that we adopt. TIA states that the Subcommittee has the expertise and resources to issue a revised technical standard in the most efficient and expeditious manner, and that it will make every effort to expedite the completion of a stable, ballot-ready revision of the final standard within 180 days. TIA contends, however, that 180 days for a balloted and approved standard is not possible. TIA also requests clarification as to whether the revisions to the interim standard should be balloted as a TIA/American National Standards Institute (ANSI) standard, or as another interim standard. TIA states that the former procedure would extend the balloting and approval process. Finally, TIA states that representatives from our Office of Engineering and Technology should participate in the standard's formulating group, and that members of the privacy and law enforcement communities are strongly encouraged to participate.

     126. Several parties submitted comments consistent with those submitted by TIA. US West states that it supports the proposed remand to the TIA Subcommittee, but that the expectation that the Subcommittee will be able to complete its work within 180 days probably is overly optimistic. US West contends that developing a consensus on the necessary technical standards and having them subsequently approved by ballot, as required under ANSI procedures, could take more than one year. SBC states that it agrees with us about remanding the interim standard to the Subcommittee, but contends that whether the activity of the Subcommittee can be completed within 180 days will depend upon the extent of our modifications. AT&T states that it may be feasible to complete technical amendments to the interim standard within 180 days, but that procedures for promulgation as a final industry standard will require additional time. However, DoJ/FBI contend that if the Commission is specific about the changes required to the interim standard, there is no reason why the Subcommittee cannot produce a ballot-ready draft within 90 days and a vote on the final standard within an additional 90 days.

     127. TIA argues that implementation of the additional punch list capabilities by manufacturers and carriers should be at least 36 months after the June 30, 2000 deadline for implementing the capability requirements covered by the interim standard. This deadline would provide manufacturers approximately 24 months to design and test new products and provide carriers approximately 12 months to acquire and test new products in their networks, according to TIA. DoJ/FBI suggest that manufacturers and carriers be required to implement the punch list capabilities within 18 months of adoption of a revised industry standard. DoJ/FBI argue that the industry already has begun work on revisions to the standard to include the punch list capabilities, and points to the long delays that already have occurred in implementing CALEA, urging the Commission not to delay further industry compliance.

     128. Discussion. As proposed, we are remanding the interim standard to Subcommittee TR45.2 of the TIA to make the necessary technical modifications in accord with our findings herein. We believe that those technical requirements can be most efficiently implemented by permitting the Subcommittee to make the modifications. LEAs, carriers, and manufacturers are voting members of the Subcommittee, and the Subcommittee has the experience and resources in place to resolve these issues quickly. Regarding the specific timing requirements, we conclude that seven months is a reasonable period of time for TIA to complete the necessary changes to J-STD-025. We note that only certain punch list items will need to be included in the revised standard, which will reduce the amount of work to be completed, and that the industry already has begun work in this regard. Accordingly, we will require TIA to complete the necessary revisions to the interim standard by March 30, 2000. We find it sufficient for TIA to adopt a revised TIA interim standard and see no need or benefit to consider the revised standard as an ANSI standard. Commission staff will closely monitor the development of the revised standard, but will not participate directly so that we can maintain our impartiality in the event of disputes relative to the revised standard.

     129. We will require wireline, cellular, and broadband PCS carriers to make the six punch list capabilities available to LEAs by September 30, 2001. We believe that manufacturers, if they have not done so already, will begin working to include the additional capabilities in their products as soon as practicable after adoption of this Third R&O, rather than delay such work until after the June 30, 2000 deadline, as TIA suggests. Relative to implementation of the core interim standard, the September 30, 2001 deadline will provide carriers an additional 15 months to implement these capabilities. We find that this deadline provides sufficient time for the development process to be completed and for carriers to implement these capabilities.

E. Other Technologies and Systems

     130. Background. In the Further NPRM, we noted that the interim standard applies only to wireline, cellular, and broadband PCS carriers. CALEA assistance capability requirements for other telecommunications service providers, including paging, specialized mobile radio (SMR), and satellite service providers, are not covered by that standard. Industry associations or standard-setting organizations that represent such service providers that fit within the definition of telecommunications carrier under CALEA may establish voluntary standards to achieve compliance with section 103 by the June 30, 2000 deadline, and take advantage of the safe harbor provision of section 107(a). The absence of an industry standard, however, does not relieve such carriers from the obligations imposed by section 103. In the absence of a publicly available standard, a carrier will have to work with its vendors to develop an individual CALEA solution, and a carrier is free to choose a solution that is specifically tailored to its particular system and technology.

     131. Comments. Motorola states that it has been active with respect to technical work involving paging, satellite, SMR, and Enhanced Specialized Mobile Radio (ESMR) systems. It contends that we should defer to and encourage these ongoing efforts by other sectors of the telecommunications industry to comply with CALEA's obligations. Motorola also recommends that we clarify that this Third R&O is not a checklist against which other standards will be judged in the future because requirements that may be reasonable in the wireline, cellular, or PCS context simply may not apply to other technologies. Finally, Motorola states that we should recognize that despite industry's best efforts, compliance for these other technologies may not be possible by June 30, 2000. Motorola states that we may want to grant a blanket extension for these technologies and postpone their capability compliance until their eventual capacity deadline under the FBI's final notice of capacity.

     132. American Mobile Satellite Corporation (AMSC) states that, in the absence of petitions to us, we should allow operators of systems that use other technologies to establish, in consultation with LEAs, the capability requirements that will apply to their services. AMSC states that only if we are requested to consider the adequacy of technical rules or standards that are adopted for carriers not covered by the interim standard should we become involved. Similarly, ICO Services Limited (ICO) states that we should not take any action at this time with respect to mobile satellite providers, and should allow those providers to work directly with LEAs to establish standards. AT&T states that, unless a party asks us to intercede in the standards process, we should have no direct role. Rather, we should announce general capability principles under section 103, leaving industry associations or standard setting bodies to implement the requirements based on the particular technology. Southern Communications Services, Inc. (Southern) states that we should establish a CALEA safe harbor standard for SMR carriers, but that our role in the standards setting process should be limited absent a deficiency petition or failure of industry to establish standards. Southern further states that our decisions herein should serve only as a general guide for SMR carriers, and that the definition of reasonably available will differ based on the particular technology employed. Finally, PCIA states that it has developed a safe harbor standard for traditional paging providers, whereby such providers will meet the assistance capability requirements through the provision of cloned pagers. However, PCIA contends that NYPD has requested that paging carriers provide specific call-identifying information that is neither required by section 103 nor by the paging safe harbor standard, and that this request should be rejected.

     133. Discussion. Under Section 107 of CALEA, we can establish technical requirements or standards only after a Government agency or person petitions us to do so because an industry standard has not been developed or because the petitioner finds that such a standard is deficient. In the absence of a petition, we do not have authority to establish standards and thus do not do so herein for telecommunications carriers deploying other technologies. We note that each of the requirements we adopt herein with respect to wireline, cellular, and broadband PCS carriers is not necessarily appropriate for other technologies. As to the deadline for compliance for other technologies, we decline to extend the date. We made clear in the Extension Order that the June 30, 2000 deadline would apply to all telecommunications carriers and should provide sufficient time for the development of CALEA-compliant technology. Accordingly, while we will consider any petitions that may be filed to extend that deadline for specific services, we decline to issue a blanket extension herein. Finally, with respect to PCIA's concerns regarding the safe harbor standard it says that it has developed with respect to paging systems, no party has petitioned us contending that PCIA's paging standard is deficient. Therefore, there is at present no issue for us to resolve regarding that standard.

F. Other Matters

     134. Standardized Delivery Interface. DoJ/FBI contend that there is another capability that should be included in the final industry standard; namely, a standardized delivery interface that would limit the number of potential delivery interfaces LEAs would need to accommodate from the telecommunications industry. DoJ/FBI state that the interim standard does not contain any limitation on the number of protocols that may be used by carriers to deliver call content and call-identifying information. Therefore, according to DoJ/FBI, unless a relatively small number of standardized protocols are employed, each carrier will be free to employ a different interface protocol, and LEAs could be faced with prohibitive practical and financial burdens in equipping themselves to deal with scores of different protocols. DoJ/FBI state that this capability was part of their original punch list and they have not dropped it from consideration, even though we stated in the Further NPRM that it had been dropped. DoJ/FBI argue that limiting the number of delivery interfaces will ensure that industry meets the assistance capability requirements of section 103 by cost-effective methods.

     135. PrimeCo disagrees with DoJ/FBI, stating that we should not limit the number of delivery interfaces. PrimeCo states that many new digital standards are currently under consideration, and contends that the DoJ/FBI proposal contravenes legislatively-imposed parameters by discouraging the development of new services and technologies.

     136. Discussion. As Assistant Attorney General Colgate stated in February 1998, "a single delivery interface is not mandated by CALEA," and we see nothing in the Act that would require that the number of interfaces be limited. We believe, however, that as digital technology evolves, industry will reach agreement on a relatively limited number of delivery interfaces, which should serve to reduce costs to LEAs. Accordingly, we reject the DoJ/FBI proposal to include a standardized delivery interface capability in the final industry standard.

     137. Employee conduct and recordkeeping requirements. The Further NPRM inadvertently included proposals related to employee conduct and recordkeeping requirements for telecommunications carriers. These proposals were carried over from the original Notice of Proposed Rule Making in this proceeding, and are not relevant to the issues we address herein. No comments were filed to the Further NPRM that addressed these proposals. Accordingly, we make no findings regarding them in this decision. We note, however, that these proposals were addressed in our recent Report and Order in this proceeding.

G. Summary of Findings

     138. In this Order, we have finalized technical requirements for wireline, cellular, and broadband PCS carriers. Specifically, we are requiring these carriers to implement the capabilities of the interim standard and six DoJ/FBI punch list items: content of subject-initiated conference calls; party hold, join, drop on conference calls; subject-initiated dialing and signaling information; in-band and out-of-band signaling; timing information; and dialed digit extraction. The core capabilities of the interim standard must be implemented by June 30, 2000, and packet-mode communications and the punch list items must be implemented by September 30, 2001.

IV. PROCEDURAL INFORMATION

A. Final Regulatory Flexibility Analysis

     139. As required by the Regulatory Flexibility Act (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the Further NPRM. The Commission sought written public comments on the proposals in the Further NPRM, including the IRFA. This Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA.

(A) Need for and Purpose of this Action

     140. This Third Report and Order responds to the legislative mandate contained in the Communications Assistance for Law Enforcement Act, Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.). The Commission, in compliance with 47 U.S.C. Section 229, promulgates rules in this Third Report and Order to ensure the prompt implementation of section 103 of CALEA. In enacting CALEA, Congress sought to balance three key policies with CALEA: "(1) to preserve a narrowly focused capability for law enforcement agencies to carry out properly authorized intercepts; (2) to protect privacy in the face of increasingly powerful and personally revealing technologies; and (3) to avoid impeding the development of new communications services and technologies."

     141. The rules adopted in this Third Report and Order implement Congress's goal to balance the three key policies enumerated above. The objective of the rules is to implement as quickly and effectively as possible the national telecommunications policy for wireline, cellular, and broadband PCS telecommunications carriers to support the lawful electronic surveillance needs of law enforcement agencies.

(B) Summary of the Issues Raised by Public Comments Made in Response to the IRFA

     142. Summary of Initial Regulatory Flexibility Analysis (IRFA). In the Further NPRM, the Commission performed an IRFA and asked for comments that specifically addressed issues raised in the IRFA. No parties filed comments directly in response to the IRFA. In response to non-IFRA comments to the Further NPRM, we have modified several of the Commission's proposals, particularly regarding packet switching, conference call content, in-band and out-of-band signaling, and timing information, as discussed above.

(C) Description and Estimates of the Number of Entities Affected by This Third Report and      Order

     143. The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the action taken. The RFA generally defines the term "small entity" as having the same meaning as the terms "small business," "small organization," and "small governmental jurisdiction." In addition, the term "small business" has the same meaning as the term "small business concern" under the Small Business Act. A small business concern is one that: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA). A small organization is generally "any not-for-profit enterprise which is independently owned and operated and is not dominant in its field." Nationwide, as of 1992, there were approximately 275,801 small organizations. And finally, "small governmental jurisdiction" generally means "governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than 50,000." As of 1992, there were approximately 85,006 such jurisdictions in the United States. This number includes 38,978 counties, cities, and towns; of these, 37,566, or 96 percent, have populations of fewer than 50,000. The United States Bureau of the Census (Census Bureau) estimates that this ratio is approximately accurate for all governmental entities. Thus, of the 85,006 governmental entities, we estimate that 81,600 (91 percent) are small entities. Below, we further describe and estimate the number of small business concerns that may be affected by the actions taken in this Third Report and Order.

     144. As noted, under the Small Business Act, a "small business concern" is one that: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) meets any additional criteria established by the SBA. The SBA has defined a small business for Standard Industrial Classification (SIC) categories 4812 (Radiotelephone Communications) and 4813 (Telephone Communications, Except Radiotelephone) to be small entities when they have no more than 1,500 employees. We first discuss the number of small telecommunications entities falling within these SIC categories, then attempt to refine further those estimates to correspond with the categories of telecommunications companies that are commonly used under our rules.

     145. Total Number of Telecommunications Entities Affected. The Census Bureau reports that, at the end of 1992, there were 3,497 firms engaged in providing telephone services, as defined therein, for at least one year. This number contains a variety of different categories of entities, including local exchange carriers, interexchange carriers, competitive access providers, cellular carriers, mobile service carriers, operator service providers, pay telephone operators, PCS providers, covered SMR providers, and resellers. It seems certain that some of those 3,497 telephone service firms may not qualify as small entities or small incumbent LECs because they are not "independently owned and operated." For example, a PCS provider that is affiliated with an interexchange carrier having more than 1,500 employees would not meet the definition of a small business. It seems reasonable to conclude, therefore, that fewer than 3,497 telephone service firms are small entity telephone service firms or small incumbent LECs that may be affected by the actions taken in this Third Report and Order.

     146. The most reliable source of current information regarding the total numbers of common carrier and related providers nationwide, including the numbers of commercial wireless entities, appears to be data the Commission publishes annually in its Carrier Locator report, derived from filings made in connection with the Telecommunications Relay Service (TRS). According to data in the most recent report, there are 3,604 interstate carriers. These include, inter alia, local exchange carriers, wireline carriers and service providers, interexchange carriers, competitive access providers, operator service providers, pay telephone operators, providers of telephone toll service, providers of telephone exchange service, and resellers.

     147. We have included small incumbent local exchange carriers (LECs) in this RFA analysis. As noted above, a "small business" under the RFA is one that, inter alia, meets the pertinent small business size standard (e.g., a telephone communications business having 1,500 or fewer employees), and "is not dominant in its field of operation." The SBA's Office of Advocacy contends that, for RFA purposes, small incumbent LECs are not dominant in their field of operation because any such dominance is not "national" in scope. We have therefore included small incumbent LECs in this RFA analysis, although we emphasize that this RFA action has no effect on FCC analyses and determinations in other, non-RFA contexts.

     148. Wireline Carriers and Service Providers (SIC 4813). The Census Bureau reports that there were 2,321 telephone communications companies other than radiotelephone companies in operation for at least one year at the end of 1992. All but 26 of the 2,321 non-radiotelephone companies listed by the Census Bureau were reported to have fewer than 1,000 employees. Thus, even if all 26 of those companies had more than 1,500 employees, there would still be 2,295 non- radiotelephone companies that might qualify as small entities or small incumbent LECs. Although it seems certain that some of these carriers are not independently owned and operated, we are unable at this time to estimate with greater precision the number of wireline carriers and service providers that would qualify as small business concerns under SBA's definition. Consequently, we estimate that there are fewer than 2,295 small entity telephone communications companies other than radiotelephone companies that may be affected by the actions taken in this Third Report and Order.

     149. Local Exchange Carriers, Interexchange Carriers, Competitive Access Providers, and Resellers. Neither the Commission nor SBA has developed a definition of small LECs, interexchange carriers (IXCs), competitive access providers (CAPs), or resellers. The closest applicable definition for these carrier-types under SBA rules is for telephone communications companies other than radiotelephone (wireless) companies. The most reliable source of information regarding the number of these carriers nationwide of which we are aware appears to be the data that we collect annually in connection with the TRS. According to our most recent data, there are 1,410 LECs, 151 IXCs, 129 CAPs, and 351 resellers. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of these carriers that would qualify as small business concerns under SBA's definition. Consequently, we estimate that there are fewer than 1,410 small entity LECs or small incumbent LECs, 151 IXCs, 129 CAPs, and 351 resellers that may be affected by the actions taken in this Third Report and Order.

     150. Wireless Carriers (SIC 4812). The Census Bureau reports that there were 1,176 radiotelephone (wireless) companies in operation for at least one year at the end of 1992, of which 1,164 had fewer than 1,000 employees. Even if all of the remaining 12 companies had more than 1,500 employees, there would still be 1,164 radiotelephone companies that might qualify as small entities if they are independently owned are operated. Although it seems certain that some of these carriers are not independently owned and operated, we are unable at this time to estimate with greater precision the number of radiotelephone carriers and service providers that would qualify as small business concerns under SBA's definition. Consequently, we estimate that there are fewer than 1,164 small entity radiotelephone companies that may be affected by the actions taken in this Third Report and Order.

     151. Cellular, PCS, SMR and Other Mobile Service Providers. In an effort to further refine our calculation of the number of radiotelephone companies that may be affected by the actions taken in this Second Report and Order, we consider the data that we collect annually in connection with the TRS for the subcategories Wireless Telephony (which includes PCS, Cellular, and SMR) and Other Mobile Service Providers. Neither the Commission nor the SBA has developed a definition of small entities specifically applicable to these broad subcategories, so we will utilize the closest applicable definition under SBA rules, which is for radiotelephone communications companies. According to our most recent TRS data, 732 companies reported that they are engaged in the provision of Wireless Telephony services and 23 companies reported that they are engaged in the provision of Other Mobile Services. Although it seems certain that some of these carriers are not independently owned and operated, or have more than 1,500 employees, we are unable at this time to estimate with greater precision the number of Wireless Telephony Providers and Other Mobile Service Providers, except as described below, that would qualify as small business concerns under SBA's definition. Consequently, we estimate that there are fewer than 732 small entity Wireless Telephony Providers and fewer than 23 small entity Other Mobile Service Providers that might be affected by the actions taken in this Second Report and Order.

     152. Broadband PCS Licensees. The broadband PCS spectrum is divided into six frequency blocks designated A through F, and the Commission has held auctions for each block. The Commission defined "small business" for Blocks C and F as an entity that has average gross revenues of not more than $40 million in the three previous calendar years. These regulations defining "small business" in the context of broadband PCS auctions have been approved by SBA. No small businesses within the SBA-approved definition bid successfully for licenses in Blocks A and B. There have been 237 winning bidders that qualified as small entities in the four auctions that have been held for licenses in Blocks C, D, E and F, all of which may be affected by the actions taken in this Second Report and Order.

     153. Cellular Licensees. According to the Bureau of the Census, only twelve radiotelephone firms from a total of 1,178 such firms which operated during 1992 had 1,000 or more employees. Therefore, even if all twelve of these firms were cellular telephone companies, nearly all cellular carriers were small businesses under the SBA's definition. In addition, we note that there are 1,758 cellular licenses; however, a cellular licensee may own several licenses. In addition, according to the most recent Carrier Locator data, 732 carriers reported that they were engaged in the provision of either cellular service or PCS services, which are placed together in the data. We do not have data specifying the number of these carriers that are not independently owned and operated or have more than 1,500 employees, and thus are unable at this time to estimate with greater precision the number of cellular service carriers that would qualify as small business concerns under the SBA's definition. Consequently, we estimate that there are fewer than 732 small cellular service carriers that may be affected by the actions taken in this Second Report and Order.

(D) Description of Projected Reporting, Recordkeeping and Other Compliance Requirements.

     154. No reporting and recordkeeping requirements are imposed on telecommunications carriers, thus burdens on carriers, including small carriers, are not increased as a result of actions taken herein. Telecommunications carriers, including small carriers, will have to upgrade their network facilities to provide to law enforcement the assistance capability requirements adopted herein. Although compliance with the technical requirements will impose costs on carriers, the record was not sufficient to analyze thoroughly the costs to carriers, including small carriers (see paragraph 30, supra).

(E) Steps Taken to Minimize Significant Economic

Impact on Small Entities and Significant Alternatives Considered.

     155. The need for the regulations adopted herein is mandated by Federal legislation. In the final regulations, we affirm our proposals in the Further NPRM to establish regulations for wireline, cellular, and broadband PCS telecommunications carriers. Costs to telecommunications carriers will be mitigated in several ways. For example, the final regulations will require telecommunications carrier's to make available to law enforcement call identifying information when it can be done without unduly burdening the carrier with network modifications, thus allowing cost to be a consideration in determining whether the information is reasonably available to the carrier and can be provided to law enforcement (see paragraphs 28-29, supra). Thus, compliance with the assistance capability requirements of CALEA will be reasonable for all carriers, including small carriers. Also, under CALEA some carriers will be able to request reimbursement from the Department of Justice for network upgrades to comply with the technical requirements adopted herein, and others may be able to defer network upgrades to their normal business cycle under a plan being developed by the Department of Justice.

Report to Congress

     156. The Commission will send a copy of this FRFA, along with this Third Report and Order, in a report to Congress pursuant to the Small Business Regulatory Enforcement Fairness Act of 1996, 5 U.S.C. Section 801(a)(1)(A). In addition, the Commission will send a copy of this Third Report and Order, including the FRFA, to the Chief Counsel for Advocacy of the Small Business Administration. A copy of this Third Report and Order, including FRFA, will also be published in the Federal Register. See 5 U.S.C. Section 604(b).

B. Paperwork Reduction Act of 1995 Analysis

     157. This Third Report and Order does not contain a modified information collection.

V. ORDERING CLAUSES

     158. Accordingly, IT IS ORDERED that, pursuant to sections 1, 4, 229, 301, 303, and 332 of the Communications Act of 1934, as amended, and 107(b) of the Communications Assistance for Law Enforcement Act, 47 U.S.C. Sections 151, 154, 229, 301, 303, 332, and 1006(b), this Third Report and Order and the rules specified in Appendix A ARE ADOPTED.

     159. IT IS FURTHER ORDERED that the rules set forth in Appendix A WILL BECOME EFFECTIVE 90 days after publication in the Federal Register.

     160. IT IS FURTHER ORDERED that the Regulatory Flexibility Analysis, as required by Section 604 of the Regulatory Flexibility Act and as set forth above, IS ADOPTED.

     161. IT IS FURTHER ORDERED that the Commission's Office of Public Affairs, Reference Operations Division, SHALL SEND a copy of this Third Report and Order, including the Final Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration.

FEDERAL COMMUNICATIONS COMMISSION

VI. APPENDIX A: FINAL RULES

AMENDMENTS TO THE CODE OF FEDERAL REGULATIONS

PART 22- PUBLIC MOBILE SERVICES

A. Part 22 of the Code of Federal Regulations is amended as follows:

1. The authority citation in Part 22 continues to read:

AUTHORITY: 47 U.S.C. 154, 222, 303, 309 and 332.

2. The table of contents for Part 22 is amended to add Subpart J to read as follows:

Subpart J - Required New Capabilities Pursuant to the Communications Assistance for Law Enforcement Act (CALEA)

Section 22.1100 Purpose.

Pursuant to the Communications Assistance for Law Enforcement Act (CALEA), Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules that require a cellular telecommunications carrier to implement certain capabilities to ensure law enforcement access to authorized communications or call-identifying information.

Section 22.1101 Scope.

The definitions included in this subpart shall be used solely for the purpose of implementing CALEA requirements.

Section 22.1102 Definitions.

Call Identifying Information. Call identifying information means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier. Call identifying information is "reasonably available" to a carrier if it is present at an intercept access point and can be made available without the carrier being unduly burdened with network modifications.

Collection Function. The location where lawfully authorized intercepted communications and call-identifying information is collected by a law enforcement agency (LEA).

Content of subject-initiated conference calls. Capability that permits a LEA to monitor the content of conversations by all parties connected via a conference call when the facilities under surveillance maintain a circuit connection to the call.

Dialed digit extraction. Capability that permits a LEA to receive on the call data channel digits dialed by a subject when a call is connected to another carrier's service for processing and routing.

In-band and out-of-band signaling      . Capability that permits a LEA to be informed when a network message that provides call identifying information (e.g., ringing, busy, call waiting signal, message light) is generated or sent by the IAP switch to a subject using the facilities under surveillance. Excludes signals generated by customer premises equipment when no network signal is generated.

Intercept Access Point (IAP). Intercept access point is a point within a carrier's system where some of the communications or call-identifying information of an intercept subject's equipment, facilities, and services are accessed.

J-STD-025. The interim standard developed by the Telecommunications Industry Association and the Alliance for Telecommunications Industry Solutions for wireline, cellular, and broadband PCS carriers. This standard defines services and features to support lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information to a LEA

LEA. Law enforcement agency; e.g., the Federal Bureau of Investigation or a local police department.

Party hold, join, drop on conference calls      . Capability that permits a LEA to identify the parties to a conference call conversation at all times.

Subject-initiated dialing and signaling information      . Capability that permits a LEA to be informed when a subject using the facilities under surveillance uses services that provide call identifying information, such as call forwarding, call waiting, call hold, and three-way calling. Excludes signals generated by customer premises equipment when no network signal is generated.

Timing information. Capability that permits a LEA to associate call-identifying information with the content of a call. A call-identifying message must be sent from the carrier's IAP to the LEA's Collection Function within eight seconds of receipt of that message by the IAP at least 95% of the time, and with the call event time-stamped to an accuracy of at least 200 milliseconds.

Section 22.1103 Capabilities that must be provided by a cellular telecommunications carrier.

(a) Except as provided under paragraph (b), as of June 30, 2000 a cellular telecommunications carrier shall provide to a LEA the assistance capability requirements of CALEA, see 47 U.S.C. Section 1002. A carrier may satisfy these requirements by complying with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, such as J-STD-025.

(b) As of September 30, 2001 a cellular telecommunications carrier shall provide to a LEA communications and call-identifying information transported by packet-mode communications and the following capabilities: (1) Content of subject-initiated conference calls; (2) Party hold, join, drop on conference calls; (3) Subject-initiated dialing and signaling information      ; (4) In-band and out-of-band signaling; (5) Timing information; (6) Dialed digit extraction.

PART 24- PERSONAL COMMUNICATIONS SERVICES

B. Part 24 of the Code of Federal Regulations is amended as follows:

1. The authority citation in Part 24 continues to read:

2. The table of contents for Part 24 is amended to add Subpart J to read as follows:

Subpart J - Required New Capabilities Pursuant to the Communications Assistance for Law Enforcement Act (CALEA)

Section 24.900 Purpose.

Pursuant to the Communications Assistance for Law Enforcement Act (CALEA), Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules that require a broadband PCS telecommunications carrier to implement certain capabilities to ensure law enforcement access to authorized communications or call-identifying information.

Section 24.901 Scope.

The definitions included in this subpart shall be used solely for the purpose of implementing CALEA requirements.

Section 24.902 Definitions.

Call Identifying Information. Call identifying information means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier. Call identifying information is "reasonably available" to a carrier if it is present at an intercept access point and can be made available without the carrier being unduly burdened with network modifications.

Collection Function. The location where lawfully authorized intercepted communications and call-identifying information is collected by a law enforcement agency (LEA).

Content of subject-initiated conference calls. Capability that permits a LEA to monitor the content of conversations by all parties connected via a conference call when the facilities under surveillance maintain a circuit connection to the call.

Dialed digit extraction. Capability that permits a LEA to receive on the call data channel a digits dialed by a subject after a call is connected to another carrier's service for processing and routing.

IAP. Intercept access point is a point within a carrier's system where some of the communications or call-identifying information of an intercept subject's equipment, facilities, and services are accessed.

In-band and out-of-band signaling      . Capability that permits a LEA to be informed when a network message that provides call identifying information (e.g., ringing, busy, call waiting signal, message light) is generated or sent by the IAP switch to a subject using the facilities under surveillance. Excludes signals generated by customer premises equipment when no network signal is generated.

J-STD-025. The interim standard developed by the Telecommunications Industry Association and the Alliance for Telecommunications Industry Solutions for wireline, cellular, and broadband PCS carriers. This standard defines services and features to support lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information to a LEA

LEA. Law enforcement agency; e.g., the Federal Bureau of Investigation or a local police department.

Party hold, join, drop on conference calls      . Capability that permits a LEA to identify the parties to a conference call conversation at all times.

Subject-initiated dialing and signaling information      . Capability that permits a LEA to be informed when a subject using the facilities under surveillance uses services that provide call identifying information, such as call forwarding, call waiting, call hold, and three-way calling. Excludes signals generated by customer premises equipment when no network signal is generated.

Timing information. Capability that permits a LEA to associate call-identifying information with the content of a call. A call-identifying message must be sent from the carrier's IAP to the LEA's Collection Function within eight seconds of receipt of that message by the IAP at least 95% of the time, and with the call event time-stamped to an accuracy of at least 200 milliseconds.

Section 24.903 Capabilities that must be provided by a broadband PCS telecommunications carrier.

     (a) Except as provided under paragraph (b), as of June 30, 2000 a cellular telecommunications carrier shall provide to a LEA the assistance capability requirements of CALEA, see 47 U.S.C. Section 1002. A carrier may satisfy these requirements by complying with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, such as J-STD-025.

     (b) As of September 30, 2001 a cellular telecommunications carrier shall provide to a LEA communications and call-identifying information transported by packet-mode communications and the following capabilities: (1) Content of subject-initiated conference calls; (2) Party hold, join, drop on conference calls; (3) Subject-initiated dialing and signaling information      ; (4) In-band and out-of-band signaling; (5) Timing information; (6) Dialed digit extraction.

PART 64 - MISCELLANEOUS RULES RELATING TO COMMON CARRIERS

C. Part 64 of the Code of Federal Regulations is amended as follows:

1. The authority citation for Part 64 is amended to read as follows:

2. The table of contents for Part 64 is amended to add Subpart W to read as follows:

Subpart W - Required New Capabilities Pursuant to the Communications Assistance for Law Enforcement Act (CALEA)

Section 64.2200 Purpose.

Pursuant to the Communications Assistance for Law Enforcement Act (CALEA), Pub. L. No. 103-414, 108 Stat. 4279 (1994) (codified as amended in sections of 18 U.S.C. and 47 U.S.C.), this subpart contains rules that require a wireline telecommunications carrier to implement certain capabilities to ensure law enforcement access to authorized communications or call-identifying information.

Section 64.2201 Scope.

The definitions included in this subpart shall be used solely for the purpose of implementing CALEA requirements.

Section 64.2202 Definitions.

Call Identifying Information. Call identifying information means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a telecommunications carrier. Call identifying information is "reasonably available" to a carrier if it is present at an intercept access point and can be made available without the carrier being unduly burdened with network modifications.

Collection Function. The location where lawfully authorized intercepted communications and call-identifying information is collected by a law enforcement agency (LEA).

Content of subject-initiated conference calls. Capability that permits a LEA to monitor the content of conversations by all parties connected via a conference call when the facilities under surveillance maintain a circuit connection to the call.

Dialed digit extraction. Capability that permits a LEA to receive on the call data channel a digits dialed by a subject after a call is connected to another carrier's service for processing and routing.

IAP. Intercept access point is a point within a carrier's system where some of the communications or call-identifying information of an intercept subject's equipment, facilities, and services are accessed.

In-band and out-of-band signaling      . Capability that permits a LEA to be informed when a network message that provides call identifying information (e.g., ringing, busy, call waiting signal, message light) is generated or sent by the IAP switch to a subject using the facilities under surveillance. Excludes signals generated by customer premises equipment when no network signal is generated.

J-STD-025. The interim standard developed by the Telecommunications Industry Association and the Alliance for Telecommunications Industry Solutions for wireline, cellular, and broadband PCS carriers. This standard defines services and features to support lawfully authorized electronic surveillance, and specifies interfaces necessary to deliver intercepted communications and call-identifying information to a LEA

LEA. Law enforcement agency; e.g., the Federal Bureau of Investigation or a local police department.

Party hold, join, drop on conference calls      . Capability that permits a LEA to identify the parties to a conference call conversation at all times.

Subject-initiated dialing and signaling information      . Capability that permits a LEA to be informed when a subject using the facilities under surveillance uses services that provide call identifying information, such as call forwarding, call waiting, call hold, and three-way calling. Excludes signals generated by customer premises equipment when no network signal is generated.

Timing information. Capability that permits a LEA to associate call-identifying information with the content of a call. A call-identifying message must be sent from the carrier's IAP to the LEA's Collection Function within eight seconds of receipt of that message by the IAP at least 95% of the time, and with the call event time-stamped to an accuracy of at least 200 milliseconds.

Section 64.2203 Capabilities that must be provided by a wireline telecommunications carrier.

(a) Except as provided under paragraph (b), as of June 30, 2000 a cellular telecommunications carrier shall provide to a LEA the assistance capability requirements of CALEA, see 47 U.S.C. Section 1002. A carrier may satisfy these requirements by complying with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, such as J-STD-025.

(b) As of September 30, 2001 a cellular telecommunications carrier shall provide to a LEA communications and call-identifying information transported by packet-mode communications and the following capabilities:

(1) Content of subject-initiated conference calls;
(2) Party hold, join, drop on conference calls;
(3) Subject-initiated dialing and signaling information;
(4) In-band and out-of-band signaling;
(5) Timing information;
(6) Dialed digit extraction.

VII. APPENDIX B: MANUFACTURERS' REVENUE ESTIMATES

Capability
Estimated Total Revenues ($millions)
Estimated Wireless Revenues ($millions)
Estimated Wireline Revenues ($millions)

J-STD-025
$916
$348
$569

Subject-initiated conference calls
$ 37 (4%, 9%)
$ 15 (4%, 6%)
$ 22 (4%, 12%)

Party hold, join, drop messages
$ 64 (7%, 15%)
$ 42 (12%, 18%)
$ 22 (4%, 12%)

Subject-initiated dialing and signaling
$ 35 (4%, 8%)
$ 27 (8%, 12%)
$ 8 (1%, 4%)

In-band and out-of-band signaling
$ 57 (6%, 14%)
$ 30 (9%, 13%)
$ 27 (5%, 15%)

Timing information
$ 20 (2%, 5%)
$ 13 (4%, 6%)
$ 8 (1%, 4%)

Surveillance status messages
$ 37 (4%, 9%)
$ 24 (7%, 10%)
$ 13 (2%, 7%)

Continuity check tones
$ 3 (0.3%, 0.7%)
$ 3 (0.9%, 1.3%)
$ 0 (0%, 0%)

Feature status messages $ 40 (4%, 10%)
$ 19 (5%, 8%)
$ 21 (4%, 12%)

Dialed digit extraction
$121 (13%, 29%)
$ 60 (17%, 26%)
$ 60 (11%, 33%)

Total punch list
$414
$234
$180

VIII. APPENDIX C: COMMENTING PARTIES

Comments to Further NPRM

Reply Comments to Further NPRM

Comments to May 1999 Public Notice

Reply Comments to May 1999 Public Notice

[end]

Please send any questions or comments to webmaster@eff.org